[strongSwan] Strongswan 4.5.1 sqlite database passthrough
martin at strongswan.org
Mon Jun 27 10:20:32 CEST 2011
> We use updown script for child_configs iptables rules. I've seen routes
> are not supported in IKEv2.
In IKEv2 (and now even in IKEv1), routes are installed by the daemon
itself, not the updown script. But you can disable the built-in route
installation using the mentioned option.
> Is it possible to modify it and add/delete routes with iptables rules in
> up-client:) and down-client:) section ?
Yes, you can freely modify the updown script. Or you can define a
completely different script with the leftupdown ipsec.conf keyword.
> Otherwise, write a /etc/init.d/vpn script which calls /etc/init.d/ipsec
> script and add routes should work ?
If your configuration is more or less static, yes.
More information about the Users