[strongSwan] Charon doesn't set the routes
Diego Woitasen
diego at woitasen.com.ar
Wed Oct 5 16:05:19 CEST 2011
On Mon, Oct 3, 2011 at 6:10 AM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Diego,
>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>> I forgot to clarify that route is inserted if compress=no. In
>> kernel_netlink_ipsec.c add_policy methed, the code checks if mode !=
>> MODE_TRANSPORT to insert to route.
>
> Yes, if IPComp is enabled the actual IPsec SA uses transport mode in the kernel as the inner IPComp SA does the tunneling. Up to 4.4.1 charon did this slightly wrong because the mode is changed while installing the policy and later when installing the route and checking the mode it's not the original mode that is compared. Please update to at least 4.5.0 to fix this.
>
> Regards,
> Tobias
>
>
Yes, you are right. The bug was fixed in Openswan 4.5.2 from Debian backports.
Thanks!
--
Diego Woitasen
More information about the Users
mailing list