<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<blockquote type="cite">
I'm sorry to say this but that was unnecessary because you can disable the plugins in the configuration. You do not need to recompile anything.
</blockquote>
<p class="default-style"><span style="font-family: "courier new", courier;">Well, it was a learning experience for me :)</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">I looked in the stock EPEL configuration directories created for strongswan. /etc/strongswan/strongswan.d/charon/kernel-libipsec.conf had "load=yes".</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">I changed this to "load=no" on both systems and restarted strongswan.</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">Now I get:</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">[root@CentralRouter]# strongswan up CentralEast</span><br><span style="font-family: "courier new", courier;">establishing CHILD_SA CentralEast{8}</span><br><span style="font-family: "courier new", courier;">generating CREATE_CHILD_SA request 0 [ SA No TSi TSr ]</span><br><span style="font-family: "courier new", courier;">sending packet: from WW.XX.YY.ZZ[4500] to AA.BB.CC.DD[4500] (620 bytes)</span><br><span style="font-family: "courier new", courier;">received packet: from AA.BB.CC.DD[4500] to WW.XX.YY.ZZ[4500] (476 bytes)</span><br><span style="font-family: "courier new", courier;">parsed CREATE_CHILD_SA response 0 [ SA No TSi TSr ]</span><br><span style="font-family: "courier new", courier;">selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ</span><br><span style="font-family: "courier new", courier;">CHILD_SA CentralEast{8} established with SPIs cd247e35_i fef555a5_o and TS 10.64.0.0/16,10.128.0.0 === 10.0.0.0/16</span><br><span style="font-family: "courier new", courier;">connection 'CentralEast' established successfully</span></p>
<p class="default-style"><br><span style="font-family: "courier new", courier;">Yeaaaaaaaaa!</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">Uh... not so fast :(</span></p>
<p class="default-style"><br><span style="font-family: "courier new", courier;">[root@CentralRouter]# ping 10.0.0.1</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.</span><br><span style="font-family: "courier new", courier;">^C</span><br><span style="font-family: "courier new", courier;">--- 10.0.0.1 ping statistics ---</span><br><span style="font-family: "courier new", courier;">10 packets transmitted, 0 received, 100% packet loss, time 3052ms</span></p>
<p class="default-style"><br><span style="font-family: "courier new", courier;">[root@CentralRouter]# strongswan status </span><br><span style="font-family: "courier new", courier;">Security Associations (4 up, 0 connecting):</span><br><span style="font-family: "courier new", courier;"> CentralEast[9]: ESTABLISHED 7 minutes ago, WW.XX.YY.ZZ[WW.XX.YY.ZZ]...AA.BB.CC.DD[AA.BB.CC.DD]</span><br><span style="font-family: "courier new", courier;"> CentralEast{7}: INSTALLED, TUNNEL, reqid 4, ESP in UDP SPIs: cdc46ed8_i fd5e2ca8_o</span><br><span style="font-family: "courier new", courier;"> CentralEast{7}: 10.64.0.0/16,10.128.0.0/24 === 10.0.0.0/16</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">However,</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">[root@CentralRouter]# ip route show match 10.0.0.1</span><br><span style="font-family: "courier new", courier;">default via WW.XX.YY.ZZ dev Internet proto static metric 351</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">[root@CentralRouter]# ip route show table 220</span><br><span style="font-family: "courier new", courier;">10.0.0.0/16 via WW.XX.YY.ZZ dev Internet proto static src 10.64.0.1</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">So it appears the traffic is attempting to route over my regular internet IP link rather than the IPsec tunnel?</span></p>
<p class="default-style"><span style="font-family: "courier new", courier;">Not sure where to go from this point, but thanks for the help so far. Overcame one hurdle but looks like I have another.</span></p>
</body>
</html>