[strongSwan-dev] Route installation error on system with default-free routing table.

[Oliver]

Hi Folks,

So here’s the scenario:
        left=<leftPublic>
        right=<rightPublic>
        auto=start
        leftsubnet=192.168.3.0/24,192.168.5.11/32
        rightsubnet=10.232.195.0/24,10.232.196.0/24,192.168.50.0/24
        keyingtries=%forever
        dpdaction=restart
        authby=psk
        compress=no
        type=tunnel
        mobike=no
        ikelifetime=24h
        lifetime=1h
        ike=aes256gcm16-prfsha512-modp2048
        esp=aes256gcm16-modp2048

the left side is a linux box running kernel 3.18.9 with full tables and no 
default route so consequently, kernel-netlink has “fwmark = !13370”

the right side is a far more trivial setup and simply uses a default route and 
consequently, doesn't have any issues other than failures to get a response 
out of the left side during a rekey (which of course hits the retrans timeout, 
kills the IKE and results in a full restart)

Now, the tunnel comes up successfully, but errors are seen and it currently 
appears that it fails in a bad way at renegotiation of ESP and only recovers 
after the entire IKE resets.
The error is the following, repeated several times (appears to be one for each 
right side subnet):
Nov 19 15:27:17 prodege-rtr charon[6028]: 08[KNL] received netlink error: 
Network is unreachable (101)
Nov 19 15:27:17 prodege-rtr charon[6028]: 08[KNL] unable to install source 
route for 192.168.3.1

If anyone can shed some light on this issue it would be much appreciated.

Thanks,
Oliver