<HTML>
<HEAD>
<TITLE>Multiple networks source address</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Hello,<BR>
<BR>
I ran into a seemingly strange issue using openser to proxy an invite from the public internet to a private ipsec tunnel on my network.<BR>
<BR>
The problem appears to be caused by the fact that the packet is sent out to on the correct interface ( eth1 in my case ) but still is using the source address of et0 in the ip header. This is causing my ipsec tunnel to ignore the packet.<BR>
<BR>
Is there anyway to control the source addr in the IP header?<BR>
<BR>
Using a simple python script to send a upd packet across the same path I have verified this is not a tunnel issue.<BR>
<BR>
Example<BR>
et0: 4.X.X.229 packet arrives on this interface<BR>
eth1: 10.X.X.13 packet is sent out this interface<BR>
<BR>
RURI is re-written and t_relay is used to send the packet to <BR>
destination: 10.X.X.115<BR>
<BR>
Here is a partially redacted packet as captured by tethereal:<BR>
<BR>
Frame 1 (982 bytes on wire, 982 bytes captured)<BR>
Arrival Time: Jan 2, 2007 16:49:35.536412000<BR>
[Time delta from previous packet: 0.000000000 seconds]<BR>
[Time since reference or first frame: 0.000000000 seconds]<BR>
Frame Number: 1<BR>
Packet Length: 982 bytes<BR>
Capture Length: 982 bytes<BR>
[Frame is marked: False]<BR>
[Protocols in frame: eth:ip:udp:sip:sdp]<BR>
Ethernet II, Src: DellComp_f6:27:19 (00:06:5b:f6:27:19), Dst: DellComp_ec:8d:a3 (00:06:5b:ec:8d:a3)<BR>
Destination: DellComp_ec:8d:a3 (00:06:5b:ec:8d:a3)<BR>
Address: DellComp_ec:8d:a3 (00:06:5b:ec:8d:a3)<BR>
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)<BR>
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)<BR>
Source: DellComp_f6:27:19 (00:06:5b:f6:27:19)<BR>
Address: DellComp_f6:27:19 (00:06:5b:f6:27:19)<BR>
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)<BR>
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)<BR>
Type: IP (0x0800)<BR>
<FONT COLOR="#FF0000"><B>Internet Protocol, Src: 4.X.X.229 (4.X.X.229), Dst: 10.X.X.108 (10.X.X.108) ------> should source from 10.X.X.13 not 4.X.X.229<BR>
</B></FONT> Version: 4<BR>
Header length: 20 bytes<BR>
Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)<BR>
0001 00.. = Differentiated Services Codepoint: Unknown (0x04)<BR>
.... ..0. = ECN-Capable Transport (ECT): 0<BR>
.... ...0 = ECN-CE: 0<BR>
Total Length: 968<BR>
Identification: 0x0076 (118)<BR>
Flags: 0x04 (Don't Fragment)<BR>
0... = Reserved bit: Not set<BR>
.1.. = Don't fragment: Set<BR>
..0. = More fragments: Not set<BR>
Fragment offset: 0<BR>
Time to live: 64<BR>
Protocol: UDP (0x11)<BR>
Header checksum: 0x1dfe [correct]<BR>
[Good: True]<BR>
[Bad : False]<BR>
Source: 4.X.X.229 (4.X.X.229)<BR>
Destination: 10.X.X.108 (10.X.X.108)<BR>
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 6060 (6060)<BR>
Source port: 5060 (5060)<BR>
Destination port: 6060 (6060)<BR>
Length: 948<BR>
Checksum: 0x1c67 [incorrect, should be 0x222a]<BR>
Session Initiation Protocol<BR>
Request-Line: INVITE sip:+1720560XXXX@10.X.X.108:6060 SIP/2.0<BR>
Method: INVITE<BR>
[Resent Packet: False]<BR>
Message Header<BR>
Record-Route: <sip:4.X.X.229;lr;ftag=as0473b81f><BR>
Via: SIP/2.0/UDP 4.X.X.229;branch=z9hG4bK7a42.e0b9bac5.0<BR>
Transport: UDP<BR>
Sent-by Address: 4.X.X.229<BR>
<BR>
<BR>
<BR>
.....<BR>
<BR>
<BR>
Any clues on how to fix this problem?<BR>
<BR>
Thanks,<BR>
<BR>
T.R.<BR>
</SPAN></FONT>
</BODY>
</HTML>