<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">So the routing tables look like this: <div class=""><br class=""></div><div class=""><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">sudo ip rule list</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">0:<span class="Apple-tab-span" style="white-space:pre">    </span>from all lookup local </div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">220:<span class="Apple-tab-span" style="white-space:pre">       </span>from all lookup 220 </div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">32766:<span class="Apple-tab-span" style="white-space:pre">       </span>from all lookup main </div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">32767:<span class="Apple-tab-span" style="white-space:pre">      </span>from all lookup default </div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px;" class=""><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class="">sudo ip route list table 220</div><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class="">10.1.0.0/16 via 192.168.1.1 dev p4p1  proto static  src 10.1.13.1 </div><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class=""><br class=""></div><div style="margin: 0px;" class=""><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class="">ip route //that is the same as "ip route list table main” So this won’t be consulted when 10.1.13.0/24 packets are managed</div><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class="">default via 192.168.1.1 dev p4p1 </div><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class="">10.1.13.0/24 dev p5p1  proto kernel  scope link  src 10.1.13.1 </div><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class="">192.168.1.0/24 dev p4p1  proto kernel  scope link  src 192.168.1.162 </div><div style="font-family: Menlo; font-size: 11px; margin: 0px;" class=""><br class=""></div><div style="margin: 0px;" class="">So why shouldn’t I use policy based routing? I did not change anything like this…</div><div style="margin: 0px;" class=""><br class=""></div><div style="margin: 0px;" class="">Kind regards </div><div style="margin: 0px;" class="">Christian Hanster</div></div></div><div><blockquote type="cite" class=""><div class="">On 04 Sep 2015, at 19:53, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" class="">noel@familie-kuntze.de</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><br class="">-----BEGIN PGP SIGNED MESSAGE-----<br class="">Hash: SHA256<br class=""><br class="">Hello Christian,<br class=""><br class="">What does your main routing table look like? Do you use policy based routing?<br class="">$ ip route<br class="">AFAIK strongSwan parses the main table and maintains<br class="">its own table 220 to install rules and handle routing to remote subnets.<br class=""><br class=""><br class="">- -- <br class=""><br class="">Mit freundlichen Grüßen/Kind Regards,<br class="">Noel Kuntze<br class=""><br class="">GPG Key ID: 0x63EC6658<br class="">Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br class=""><br class="">-----BEGIN PGP SIGNATURE-----<br class="">Version: GnuPG v2<br class=""><br class="">iQIcBAEBCAAGBQJV6dqZAAoJEDg5KY9j7GZYPlQP/2lVUv1dGheOgPFk4IX6OCBg<br class="">U1eNYiBdZSBBBJyQ6/xNnSbkODeXRKOm6FzhXpv4EjuIJyWwM4PCAiIhdxTdYxZp<br class="">7lzksraJI5OfF7kJbVMsdN7ESmnk3SN25DJCh/OZNy28XL9YR0ckFyAyVL5X+sNJ<br class="">wKAep4XAYkKsvZTsqwm+XvWmkTTLuUwufKKY6PLcqhS8Burt3WoiEkUYluz5b/is<br class="">96G58Gpd7H2MbALyg5gpKKRC3fgTF7dlOL49Ozlm5p59wXQcTl0CaXAfz4axnLHt<br class="">Ezo/1pzhEVbyOzBZpsVfcwR1Iki3jW1Tl7miVoKeTfr6XGfUvS2s81xQ9JdRfK1z<br class="">AVcb+y0CG304BI+/WlV2gJJKqp0QrKMtboHGQXaHc5wtXqiQB+9uwOQIath9939i<br class="">zQmnlysYAaveLOFI6/LohijCsE3lOcqWcWQ5KXaMk3nbGIiqg88Gl3uri90beQgW<br class="">RDx6Tepnir1GkMlK703GWG9N8DIzp92sUJjU9p9e0Ud0jL9LzNCNU8rfWIYkiDH4<br class="">hhi8WSkHD5vN9XF3B3e0koH+c5ola64oWMQaVQD2V0fCTGS3ZNRKaZ0NF4d4kQzE<br class="">ESvgKr8Dj/5HWmuHb8ULpxkMlReqcj+GhsxX7/5CBTUl2HgJsglLJPtPtqzjh2Ob<br class="">oN6W/r5gHMU0UUDpFHhY<br class="">=QNVc<br class="">-----END PGP SIGNATURE-----<br class=""><br class=""></div></blockquote></div><br class=""></div></body></html>