Mailing List Archive

Using --local-addr does not bind ESP packets
When using vpnc's --local-addr option it fails to bind ESP packets
to that address. They tend to go out the wrong interface.

In vpnc.c, on approx line 2807, after esp_fd has been
initialized from socket() there should be a bind() instance
to bind to the local address much like is done in make_socket().

The local port number is irrelevant for ESP, of course.

But without this bind() one can observe ESP packets
leaving the wrong interface, albeit with the source
address correctly set. bind() must be used to ensure
that the ESP packets are correctly routed.


_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
Re: Using --local-addr does not bind ESP packets
On Wed, Nov 28, 2012 at 9:32 AM, <icap@zacglen.net> wrote:
>
> When using vpnc's --local-addr option it fails to bind ESP packets
> to that address. They tend to go out the wrong interface.
>
> In vpnc.c, on approx line 2807, after esp_fd has been
> initialized from socket() there should be a bind() instance
> to bind to the local address much like is done in make_socket().
>
> The local port number is irrelevant for ESP, of course.
>
> But without this bind() one can observe ESP packets
> leaving the wrong interface, albeit with the source
> address correctly set. bind() must be used to ensure
> that the ESP packets are correctly routed.

Good! Well spotted!
I did not run any test, but just checked the code and what you write
seems correct.
Would be nice if you could provide a patch.

What solution do you suggest?
- just add bind() after socket() ?
- extend make_socket() to handle ESP ?
- create a make_esp_socket() ?
- ...

Thanks,
Antonio
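
The bind() step discussed in this thread, as an added example that is not part of either message and is not vpnc's code: open a socket, bind it to the chosen local address with port 0, and confirm the binding with getsockname(). The helper names `open_bound_socket` and `socket_is_bound_to` are hypothetical, the address is a constructed sample, and IPv4 on a POSIX system is assumed.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not vpnc code: open a socket and bind it to local_addr.
 * Port stays 0, since ESP has no ports. Returns fd, or -1 with errno set. */
int open_bound_socket(int type, int proto, const char *local_addr)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, local_addr, &sa.sin_addr) != 1) {
        errno = EINVAL;           /* reject a malformed address before socket() */
        return -1;
    }
    int fd = socket(AF_INET, type, proto);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        int saved = errno;        /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* 1 if fd's local address equals expected, 0 if it differs, -1 on error. */
int socket_is_bound_to(int fd, const char *expected)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    char buf[INET_ADDRSTRLEN];
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ||
        !inet_ntop(AF_INET, &sa.sin_addr, buf, sizeof(buf))) return -1;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample address; a raw ESP socket needs CAP_NET_RAW/root. */
    int fd = open_bound_socket(SOCK_RAW, IPPROTO_ESP, "127.0.0.1");
    if (fd < 0) { perror("ESP socket"); return 1; }
    printf("ESP socket bound: %d\n", socket_is_bound_to(fd, "127.0.0.1"));
    close(fd);
    return 0;
}
```

Without privileges the raw-socket call in `main` fails with a permission error; the same helper works on an unprivileged UDP socket for checking the bind logic.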