[strongSwan] unable to install source route if node has two WAN ports

[Tobias Brunner]

Hi,

>     * A minor detail: the route "default via 6.6.6.x dev eth2" appears
>       twice, one in main table and another in a user table. I have to
>       delete both of them.

Not so minor after all :)  This route is the actual culprit causing 
charon to choose 6.6.6.254 as gateway.  If you remove the default routes 
from the wan1 and wan2 tables charon should use 2.2.2.1 as gateway as it 
has the lower metric in the main table.  The reason for this behavior is 
that when doing the lookup for the nexthop we currently don't consider 
the rules defined with ip rule.  We just dump all the routes in all the 
tables and try to find the best match.  Now the order in which the 
kernel dumps the tables is somehow not determined by the priority of 
such a table as defined with ip rule, thus, the first route returned by 
the kernel is the default route from table wan2 with 6.6.6.254 as gateway.

To fix this you can try to exclude the two routing tables from the 
lookup.  First find out the numerical ID of those tables (these should 
be listed in /etc/iproute2/rt_tables) then add them to strongswan.conf, 
for example:

charon {
	ignore_routing_tables=110 120
}

If the IDs are greater than 255 you need a patch I just checked in [1].

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2e370a30