[strongSwan] routing issue with IKEv1 tunnels after upgrade to 4.5.0
Benoit Foucher
benoit at bittrap.com
Mon Dec 6 10:44:14 CET 2010
Hi,
I still have an issue with my IKEv1 tunnels after upgrading from 4.4.1 to 4.5.0. Depending on the connection establishment order, the packets from one tunnel are not correctly routed. Here's the setup of the 2 tunnels (stripped down of the certs config):

conn %default
        keyexchange=ikev1
        left=%defaultroute
        leftsourceip=192.168.128.1
        leftsubnet=192.168.0.0/16
        right=%any

conn t1
        rightsubnet=192.168.5.0/24
        auto=add

conn defaultTunnel
        rightsubnet=192.168.0.0/16
        auto=add

The network of the strongSwan server is 192.168.128.0/24. I want to route 192.168.5.0/24 network traffic through t1, 192.168.128.0/24 traffic is local and all other traffic should go through "defaultTunnel".
If "defaultTunnel" is established first and t1 second, the strongSwan server receives the traffic from the tunnel t1 but doesn't send back packets through it. The traffic seems to always be routed to the tunnel "defaultTunnel". If t1 is established first and "defaultTunnel" second, it works.
Any ideas why this doesn't work anymore after upgrading? Is there a way to ensure this always works regardless of the connection establishment order?
Thanks again for your help.
Cheers,
Benoit.