[strongSwan] Is route entry redundant

Sial Nije sialnije at gmail.com
Thu Mar 27 05:27:37 CET 2014


Hi List,

When an IPsec tunnel is established, a route is added to table 220. It
looks like this:
10.10.10.0/24 via  1.1.1.1 dev etho

xfrm policy has this
src 0.0.0.0 dst 10.10.10.0/24 dir out priority 2000
   tmpl src 2.2.2.2 dst 1.1.1.1
   proto esp reqid ...

I noticed that some of my route entries have the wrong peer addresses,
probably because peers re-incarnate into different IP addresses before the
local end's DPD cleans up the routes. I ran a traffic test and the tunnels
still pass traffic. It seems the route entries are not used?! I think they
are actually misleading, because we want packets fitting the descriptors
transformed, not just routed.
I am wondering:
1. Do the route entries serve any purpose at all?
2. Would the rtnetlink flag NLM_F_REPLACE (vs. NLM_F_EXCL) fix the dangling
route issue?

Thanks for the help.
Sial
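A check in the spirit of the question, added here and not from the original post or from strongSwan itself: it compares the gateway of each table-220 route against the peer address in the template of the matching outbound xfrm policy and reports the routes that disagree, i.e. the dangling entries described above. The sample output is constructed; on a live host the two variables would be filled from `ip route show table 220` and `ip xfrm policy show`.

```sh
#!/bin/sh
# Added example, not from the original post or from strongSwan itself.
# Compares each route in table 220 with the peer in the matching
# outbound xfrm policy template and reports routes whose gateway no
# longer matches the policy (the "dangling" routes in the question).

# Constructed sample output standing in for `ip route show table 220`.
# The third route has no policy at all (e.g. left behind after a peer vanished).
ROUTES_SAMPLE='10.10.10.0/24 via 1.1.1.1 dev eth0
10.20.20.0/24 via 3.3.3.3 dev eth0
10.30.30.0/24 via 5.5.5.5 dev eth0'

# Constructed sample output standing in for `ip xfrm policy show`.
# The second policy's template points at 4.4.4.4, but its route still says 3.3.3.3.
POLICY_SAMPLE='src 0.0.0.0/0 dst 10.10.10.0/24 dir out priority 2000
	tmpl src 2.2.2.2 dst 1.1.1.1
		proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.20.20.0/24 dir out priority 2000
	tmpl src 2.2.2.2 dst 4.4.4.4
		proto esp reqid 2 mode tunnel'

# find_dangling_routes ROUTES POLICIES
# Prints "<prefix> route-gw=<gw> policy-peer=<peer|none>" for every route
# whose gateway differs from the template peer of the "dir out" policy
# covering the same destination; prints nothing when all of them agree.
find_dangling_routes() {
    routes=$1
    policies=$2
    # Map policy destination -> template peer. A policy's "src ... dst ... dir out"
    # header is followed by its "tmpl src <local> dst <peer>" line.
    peers=$(printf '%s\n' "$policies" | awk '
        $1 == "src" && /dir out/ { dst = $4 }
        $1 == "tmpl" && dst != "" { print dst, $5; dst = "" }')
    printf '%s\n' "$routes" | while read -r prefix via gw _; do
        [ "$via" = "via" ] || continue        # skip routes without a gateway
        peer=$(printf '%s\n' "$peers" | awk -v d="$prefix" '$1 == d { print $2 }')
        peer=${peer:-none}
        if [ "$peer" != "$gw" ]; then
            printf '%s route-gw=%s policy-peer=%s\n' "$prefix" "$gw" "$peer"
        fi
    done
}

find_dangling_routes "$ROUTES_SAMPLE" "$POLICY_SAMPLE"
```

An empty result means every route in table 220 still points at the peer its policy transforms traffic to; each reported line is a candidate for the NLM_F_REPLACE question above.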