[strongSwan] Strongswan using VTI - got it working!

André Valentin avalentin at marcant.net
Fri Dec 19 15:37:32 CET 2014


Hi!

It would be wonderful if you could document your setup in an email to the list, inluding kernel version. I would even create an Wiki Article for it, if it's allowed.

Kind regards,

André

Am 19.12.2014 um 15:11 schrieb Olivier PELERIN:
Thanks Martin!

Quick question, If I understand you well, it's a global setting.
Are you planning to add a knob under the conn itself? It would be nice to be able to control it per conn.

Regards,

Olivier

> Subject: Re: [strongSwan] Strongswan using VTI - got it working!
> From: martin at strongswan.org<mailto:martin at strongswan.org>
> To: olivier_pelerin at hotmail.com<mailto:olivier_pelerin at hotmail.com>
> CC: schwarz at gaertner.de<mailto:schwarz at gaertner.de>; noel at familie-kuntze.de<mailto:noel at familie-kuntze.de>; users at lists.strongswan.org<mailto:users at lists.strongswan.org>
> Date: Fri, 19 Dec 2014 15:07:09 +0100
>
>
> > Question: what is the use of that table 220? Do we have a CLI to avoid
> > Strongswan installing that route? It's not necessary in case of VTI.
>
> strongSwan installs routes for negotiated policies to a dedicated
> routing table mainly for two reasons:
> * Avoid any conflicts with the main routing table, for example
> with the default route
> * Ignore routes from this table when doing route lookups for IKE
> traffic; IKE packets should always bypass the tunnel.
>
> To disable automatic route installation, set the install_routes option
> to no in the strongswan.conf "charon" section. The routing_table and
> routing_table_prio options allow you to customize installation of
> routes.
>
> Regards
> Martin
>



_______________________________________________
Users mailing list
Users at lists.strongswan.org<mailto:Users at lists.strongswan.org>
https://lists.strongswan.org/mailman/listinfo/users


Mit freundlichen Grüßen
André Valentin
Systemadministrator
--
MarcanT GmbH, Ravensberger Str. 10 G, D - 33602 Bielefeld
Fon: +49 (521) 95945-0 | Fax: +49 (521) 95945-18
URL: http://www.marcant.net | http://www.global-m2m.com

Internet * Netzwerk * Mobile Daten
Citrix Silver Solution Advisor

Geschäftsführer: Thorsten Hojas
Handelsregister: AG Bielefeld, HRB 35827 USt-ID Nr.: DE 190203238
___________________________________________________________
Ausserhalb unserer Geschäftszeiten (Montag bis Freitag von 8:30 Uhr bis
17:30 Uhr, ausgenommen gesetzliche Feiertage in NRW) stehen wir Ihnen
gemäß Ihrer jeweiligen Service-Level-Agreements unter der Ihnen
mitgeteilten Telefonnummer für Störungen und Notfälle zur Verfügung.
Sie können natürlich auch gerne jederzeit unter support at marcant.net ein
Ticket eröffnen, welches am nächsten Arbeitstag bearbeitet wird.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141219/f46279bf/attachment.html>


More information about the Users mailing list