Firewall Wizards mailing list archives

Re: OpenBSD IPSEC VPN question


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 30 Apr 2013 18:31:45 -0400

I'd expect a connect() to bind implicitly to IP_ADDR_ANY and have the system fill in the source address by default 
based on the destination route if the client doesn't specify an explicit bind address and for traffic destined to go 
through the VPN to do so- it sounds like it doesn't- but without more data, I'd be wary of troubleshooting it (NAT, 
filtering...)

However, I'd also advocate being able to explicitly set the bind() address to prevent data leakage to less-specific 
routes in the case of interface or route failure- especially for logs.

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

On Apr 30, 2013, at 15:56, Bennett Todd <bet () rahul net> wrote:

When you've got a VPN up, you're multi-homed; the Unix way for a client to choose a network to use, when there are 
multiple choices, is to specify the src IP to bind to.

I think that's the behavior I'd expect anywhere.
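The two behaviours discussed in this thread, implicit source selection at connect() time versus an explicit bind() to a chosen source address, can be observed directly with getsockname(). The following C program is an added illustration, not code from either poster. It assumes a host with a loopback interface, uses UDP so that connect() only fixes the peer and triggers the kernel's source-address selection without sending anything, picks port 514 arbitrarily (the syslog port, since the leakage concern was about logs), and assumes that 192.0.2.1 (the RFC 5737 TEST-NET-1 range) is not configured on any local interface, standing in for a VPN address whose tunnel is down:

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Open a UDP socket, optionally bind() it to an explicit source address
 * (src == NULL leaves the socket on INADDR_ANY so the kernel picks the source
 * from the route to dst at connect() time), connect() it to dst:port, and
 * report via getsockname() which source address the kernel actually chose.
 *
 * Returns 0 on success with the dotted-quad source in `chosen`, -1 on failure
 * with errno left set by the failing call.
 */
int connect_with_source(const char *src, const char *dst, uint16_t port,
                        char *chosen, size_t chosen_len)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    if (src != NULL) {
        struct sockaddr_in local;
        memset(&local, 0, sizeof local);
        local.sin_family = AF_INET;
        local.sin_port = 0;                 /* any port; only the address matters */
        if (inet_pton(AF_INET, src, &local.sin_addr) != 1) {
            close(fd);
            errno = EINVAL;
            return -1;
        }
        /* bind() fails with EADDRNOTAVAIL when src is not configured on any
         * interface, e.g. because the VPN tunnel is down. That is the
         * fail-closed behaviour wanted for sensitive traffic such as logs:
         * no silent fallback to a less-specific route. */
        if (bind(fd, (struct sockaddr *)&local, sizeof local) < 0) {
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
    }

    struct sockaddr_in remote;
    memset(&remote, 0, sizeof remote);
    remote.sin_family = AF_INET;
    remote.sin_port = htons(port);
    if (inet_pton(AF_INET, dst, &remote.sin_addr) != 1) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    /* For UDP, connect() sends no packet; it records the peer and performs
     * source-address selection against the routing table. */
    if (connect(fd, (struct sockaddr *)&remote, sizeof remote) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }

    struct sockaddr_in actual;
    socklen_t alen = sizeof actual;
    if (getsockname(fd, (struct sockaddr *)&actual, &alen) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    close(fd);

    if (inet_ntop(AF_INET, &actual.sin_addr, chosen, (socklen_t)chosen_len) == NULL)
        return -1;
    return 0;
}

int main(void)
{
    char addr[INET_ADDRSTRLEN];

    /* Implicit: INADDR_ANY, the route to the loopback peer selects loopback. */
    if (connect_with_source(NULL, "127.0.0.1", 514, addr, sizeof addr) == 0)
        printf("implicit source: %s\n", addr);

    /* Explicit: pin the source. Same result here, but it would fail rather
     * than leak if 127.0.0.1 were not a local address. */
    if (connect_with_source("127.0.0.1", "127.0.0.1", 514, addr, sizeof addr) == 0)
        printf("explicit source: %s\n", addr);

    /* 192.0.2.1 is assumed unconfigured on this host (stands in for a VPN
     * address whose tunnel is down): bind() refuses it instead of letting
     * the traffic go out via a less-specific route. */
    if (connect_with_source("192.0.2.1", "127.0.0.1", 514, addr, sizeof addr) < 0)
        printf("bind to unconfigured source refused: %s\n", strerror(errno));
    return 0;
}
```

The third call is the point of Paul's second paragraph: with an explicit bind(), losing the interface or its address turns a would-be leak into an error the application can log and retry, whereas the implicit INADDR_ANY path would quietly pick whatever source the remaining routes produce.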

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards