[strongSwan] route-client error
Martin Willi
martin at strongswan.org
Fri Jul 2 12:13:21 CEST 2010
Hi,
> I've compiled strongswan with user vpn and group vpn.
If you use non-root users, you'll need support for capability handling
too. Add --with-capabilities=libcap to ./configure.
> route-client output: Not sufficient rights to flush
It is not possible to propagate the capabilities to the updown script.
Pluto uses the updown script not only for firewalling, but also for
route installation.
You'll have to run the updown script with root privileges. Never tried
it, but file system based capability settings might work. Another
alternative is to define
leftupdown="sudo ipsec _updown"
and configure sudo accordingly.
Regards
Martin
More information about the Users
mailing list