[strongSwan] Charon doesn't set the routes
Tobias Brunner
tobias at strongswan.org
Mon Oct 3 11:10:28 CEST 2011
Hi Diego,
>>>
>>>
>>>
>>>
>>
>>
>>
> I forgot to clarify that route is inserted if compress=no. In
> kernel_netlink_ipsec.c add_policy methed, the code checks if mode !=
> MODE_TRANSPORT to insert to route.
Yes, if IPComp is enabled the actual IPsec SA uses transport mode in the kernel as the inner IPComp SA does the tunneling. Up to 4.4.1 charon did this slightly wrong because the mode is changed while installing the policy and later when installing the route and checking the mode it's not the original mode that is compared. Please update to at least 4.5.0 to fix this.
Regards,
Tobias
More information about the Users
mailing list