[strongSwan] Is route entry redundant

Sial Nije sialnije at gmail.com
Thu Mar 27 05:27:37 CET 2014

Hi List,

When an IPsec tunnel is established, a route is added in table 220. It
looks like this: via dev etho

xfrm policy has this
src dst dir out priority 2000
   tmpl src dst
   proto esp reqid ...

I noticed that some of my route entries have the wrong peer addresses,
because peers re-incarnate into different IP addresses before the local end
DPD cleans up the routes. Ran a traffic test and the tunnels still pass
Seems the route entries are not used?! I think they are actually misleading
because we want packets fitting the descriptors transformed, not just
I am wondering:
1. Do the route entries serve any purpose at all?
2. Would rtnetlink flag NLM_F_REPLACE (vs NLM_F_EXCL) fix the dangling
route issue?

Thanks for help.