[strongSwan] Problem with table 220 and 0.0.0.0/0 subnet
Kimmo Koivisto
koippa at gmail.com
Wed Jun 6 14:42:04 CEST 2012
Hello
I have the following setup with 4.6.4 and charons:
client--gateway1----gateway2---services
So, there is site2site connection between gateway1 (gw1) and 2 (gw2).
In gw1, ipsec.conf has:
leftsubnet=client-subnet/24
rightsubnet=service-subnet/24
With this setup, gw1 creates routing table 220 with contents:
# ip route show table 220
service-subnet/24 via gw1-default-gw dev eth0 proto static src gw1-eth0-address
and this works okay.
But the problem is when I would like to negotiate a traffic selector
with 0.0.0.0/0, so in gw1, ipsec.conf has:
leftsubnet=client-subnet/24
rightsubnet=0.0.0.0/0
Now, gw1 negotiates traffic fine, but no ESP ever leaves the gw1. Gw1
creates routing table 220 with contents:
default via gw1-default-gw dev eth0 proto static src gw1-eth0-address
If I delete this routing table, traffic starts to work.
My questions are:
Why are these routes created?
Can I prevent the creation of routes with some option, and can it cause problems?
Best Regards,
Kimmo