[strongSwan] Srongswan and Routes

Reinartz Ralf AII.Pforzheim Ralf.Reinartz at aiinformatics.com
Tue Jun 14 11:34:23 CEST 2011

Hello all,

I've to use a vpngate to connect some remote  LANs.
The gateway has no physical Adresses in some of these Lans.
So there are IP routes needed to reach the target Network.

Normally with Kernel 2.6.x Strongswan doesn not set, and it seems not need,  any IP Rules.
With  ip xfrm policy I see a policy for these Networks.

But I cannot reach the Networks.

As Reason I found out:

On the vpngate runs an iptables Firewall too. Without the Route the Kernel anti spoofing protection drops the Paket. When I disable anti spoofing or add a ip route anything works fine
Is there a way to prevent this behavior without manual adding an ip route or disable anti spoofing?



applied international informatics GmbH
Sitz der Gesellschaft: Berlin; Registergericht: Berlin-Charlottenburg HRB 77891B
Geschaeftsfuehrung: Josef Duermoser, Michael Bihn

Wichtiger Hinweis: Diese E-Mail und etwaige Anlagen koennen Betriebs- oder Geschaeftsgeheimnisse oder sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail irrtuemlich erhalten haben, ist Ihnen der Status dieser E-Mail bekannt. Bitte benachrichtigen Sie uns in diesem Fall sofort durch Antwort-Mail und loeschen Sie diese E-Mail nebst etwaigen Anlagen von Ihrem System. Ebenso duerfen Sie diese E-Mail oder ihre Anlagen nicht kopieren oder an Dritte weitergeben. Vielen Dank!

Important Note: This e-mail and any attachment are confidential and may contain trade secrets or otherwise protected from disclosure. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this e-mail and any attachment from your system. If you are not the intended recipient please understand that you must not copy this e-mail or any attachment or disclose the contents to any other person. Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110614/aa43a438/attachment.html>

More information about the Users mailing list