[strongSwan] Pluto is adding a second ip rule [SOLVED]

Vonlanthen, Elmar Elmar.Vonlanthen at united-security-providers.ch
Mon Nov 7 09:17:58 CET 2011


Hello Tobias

> It did but this is now done by the kernel-netlink plugin (see [1]).
> Pluto still installs the source routes with the _updown script, though.
> Now, the kernel-netlink plugin doesn't check if the rule already exists
> and just installs it anyway.

Thanks for your clarification.

> In 4.6.0 it actually gets installed up to
> three times since the kernel-netlink plugin is now loaded by starter,
> pluto and charon.  If none of these crashes they also get removed
> afterwards.  I'm not sure if that's a problem, the kernel at least does
> not seem to care about the duplicate rules.

You are right, it seems not really to be a problem. I was just confused.

> > Strongswan was compiled with "--with-routing-table=254
> > --with-routing-table-prio=100" (254 is "main").
>
> Actually, you should set --with-routing-table=0 to install routes into
> the main routing table.  This way no rule is installed at all and the
> source route is simply added to the main table.

That did the trick. Thank you very much.

Best regards
Elmar
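
Added example, not part of the original message and not strongSwan code: a check for the duplicate rules discussed above, which matter mostly when a daemon crashes and its copy is never removed. The function names are hypothetical, the sample is constructed to mirror the 4.6.0 case (priority 100, table 254 shown as "main"), and the input is assumed to be in iproute2 `ip rule show` format.

```shell
#!/bin/sh
# Report ip rules that are installed more than once.
# Reads `ip rule show` output on stdin and prints one line per duplicated
# rule: "<count> <priority>: <selector and action>".
find_duplicate_rules() {
    awk '
        # Collapse tabs and runs of spaces so identical rules compare equal.
        { gsub(/[ \t]+/, " "); sub(/^ /, ""); sub(/ $/, "") }
        NF == 0 { next }
        {
            if (!($0 in count)) { line[++n] = $0 }   # remember first-seen order
            count[$0]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[line[i]] > 1)
                    printf "%d %s\n", count[line[i]], line[i]
        }
    '
}

# Constructed sample: the rule for table 254 ("main") at priority 100
# installed three times, next to the kernel default rules.
sample_rules() {
    printf '0:\tfrom all lookup local\n'
    printf '100:\tfrom all lookup main\n'
    printf '100:\tfrom all lookup main\n'
    printf '100:\tfrom all lookup main\n'
    printf '32766:\tfrom all lookup main\n'
    printf '32767:\tfrom all lookup default\n'
}

# Demo on the constructed sample.
# On a live system: ip rule show | find_duplicate_rules
sample_rules | find_duplicate_rules
```

Running it again after the IPsec daemons have stopped shows whether any copy of the rule was left behind. With --with-routing-table=0 no rule is installed, so the priority 100 entry should not appear at all.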