
Re: IPSec / FreeSWAN (linux) - Question 'bout VPN



On Mon, 9 Feb 2004, Conde Dracula wrote:
...
> > I'm confused by the fact that the trace starts with some
> > pre-shared key offers (from 0.0.0.0 -- is that due to you
> > editing the log?)
> Not at all. I've only modified the static_ip gateway and replaced it with
> 200.200.200.200
> I don't know where that 0.0.0.0 comes from. Perhaps it means 'localhost'?

More or less.

Since it is the initiator isakmpd that is logging the packets, it does not
yet know which IP address the OS it is running on will use as source
address when talking to the other peer. This perhaps becomes obvious when
one considers a machine with many interfaces (e.g. a router/firewall). The
actual selection is done by the kernel, i.e. IP-routing is not isakmpd's
job. :)

18:33:05.338910 0.0.0.0.500 > 200.200.200.200.500:  [udp sum ok] isakmp v1.0 exchange ID_PROT
	cookie: 5f4e28f59d8e5437->0000000000000000 msgid: 00000000 len: 80
	payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY

isakmpd has to wait for the reply to figure it out, which is why the
output is updated with "our address" as soon as the reply arrives.

/H
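An added illustration of the point above, not code from the thread or from isakmpd: a UDP socket bound to the wildcard address reports 0.0.0.0 as its local address until the kernel has done a route lookup for the peer. connect() on a UDP socket transmits nothing; it only asks the kernel which source address the routing table selects for that destination. The peer address and port are assumed values for the demonstration.

```python
import socket


def source_address_before_and_after(peer_ip: str, peer_port: int = 500):
    """Return (before, after): the local address a wildcard-bound UDP socket
    reports before and after the kernel has chosen a route to peer_ip.

    'before' is what an initiator like isakmpd knows when it logs its first
    packet; 'after' is the address the kernel will actually put in the IP
    header. No datagram is sent by either call.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind(("0.0.0.0", 0))           # wildcard bind, any free port
        before = s.getsockname()[0]      # still '0.0.0.0': nothing chosen yet
        s.connect((peer_ip, peer_port))  # route lookup happens here, no packet
        after = s.getsockname()[0]       # the source address the kernel picked
    finally:
        s.close()
    return before, after


if __name__ == "__main__":
    # Loopback is used so the example runs without any network configuration.
    print(source_address_before_and_after("127.0.0.1"))
```

On a multi-homed host, passing a real peer address shows the interface the routing table selects for that peer, which is exactly the decision isakmpd has to wait for.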