[strongSwan] Strongswan using VTI - got it working!
Olivier PELERIN
olivier_pelerin at hotmail.com
Fri Dec 19 15:11:06 CET 2014
Thanks Martin!
Quick question, If I understand you well, it's a global setting.
Are you planning to add a knob under the conn itself? It would be nice to be able to control it per conn.
Regards,
Olivier
> Subject: Re: [strongSwan] Strongswan using VTI - got it working!
> From: martin at strongswan.org
> To: olivier_pelerin at hotmail.com
> CC: schwarz at gaertner.de; noel at familie-kuntze.de; users at lists.strongswan.org
> Date: Fri, 19 Dec 2014 15:07:09 +0100
>
>
> > Question: what is the use of that table 220? Do we have a CLI to avoid
> > Strongswan installing that route? It's not necessary in case of VTI.
>
> strongSwan installs routes for negotiated policies to a dedicated
> routing table mainly for two reasons:
> * Avoid any conflicts with the main routing table, for example
> with the default route
> * Ignore routes from this table when doing route lookups for IKE
> traffic; IKE packets should always bypass the tunnel.
>
> To disable automatic route installation, set the install_routes option
> to no in the strongswan.conf "charon" section. The routing_table and
> routing_table_prio options allow you to customize installation of
> routes.
>
> Regards
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141219/8e48c1a1/attachment.html>
More information about the Users
mailing list