[strongSwan] Is route entry redundant
sialnije at gmail.com
Thu Mar 27 05:27:37 CET 2014
When an IPsec tunnel is established, a route is added in table 220. It
looks like this:
10.10.10.0/24 via 22.214.171.124 dev etho
xfrm policy has this
src 0.0.0.0 dst 10.10.10.0/24 dir out priority 2000
tmpl src 126.96.36.199 dst 188.8.131.52
proto esp reqid ...
I noticed that some of my route entries have the wrong peer addresses,
because peers re-incarnate into different IP addresses before the local end
DPD cleans up the routes. Ran a traffic test and the tunnels still pass
Seems the route entries are not used?! I think they are actually misleading
because we want packets fitting the descriptors transformed, not just
I am wondering:
1. Do the route entries serve any purpose at all?
2. Would rtnetlink flag NLM_F_REPLACE (vs NLM_F_EXCL) fix the dangling
Thanks for help.
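
A check for the mismatch described in this post, as an added example that is not part of the original message or of strongSwan: it compares each table 220 route's via address with the tmpl dst of the out policy for the same destination. The sample listings are constructed with documentation addresses and the function names are hypothetical; it assumes, as the post describes, that the two addresses are expected to match.

```python
import re

# Constructed sample output (documentation addresses), shaped like the post's listings.
ROUTES_220 = """\
10.10.10.0/24 via 198.51.100.7 dev eth0 proto static
10.10.20.0/24 via 198.51.100.9 dev eth0 proto static
"""
XFRM_POLICY = """\
src 0.0.0.0/0 dst 10.10.10.0/24
	dir out priority 2000
	tmpl src 192.0.2.1 dst 198.51.100.7
src 0.0.0.0/0 dst 10.10.20.0/24
	dir out priority 2000
	tmpl src 192.0.2.1 dst 198.51.100.44
src 10.10.20.0/24 dst 0.0.0.0/0
	dir in priority 2000
	tmpl src 198.51.100.44 dst 192.0.2.1
"""

def parse_routes(text):
    """Map destination prefix -> 'via' address for each route line."""
    routes = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+via\s+(\S+)", line)
        if m:
            routes[m.group(1)] = m.group(2)
    return routes

def parse_out_policies(text):
    """Map destination selector -> tmpl dst (peer) for 'dir out' policies."""
    blocks, peers = [], {}
    for line in text.splitlines():
        if line.startswith("src ") or not blocks:  # selector line opens a policy
            blocks.append("")
        blocks[-1] += " " + line.strip()
    for b in blocks:
        m = re.search(r"src \S+ dst (\S+) .*?dir out\b.*?tmpl src \S+ dst (\S+)", b)
        if m:
            peers[m.group(1)] = m.group(2)
    return peers

def stale_routes(route_text, policy_text):
    """Routes whose 'via' differs from the out policy's peer (assumed to match)."""
    peers = parse_out_policies(policy_text)
    return [(dst, via, peers[dst]) for dst, via in parse_routes(route_text).items()
            if dst in peers and via != peers[dst]]

if __name__ == "__main__":
    print(stale_routes(ROUTES_220, XFRM_POLICY))
```

On a live host the two inputs would come from `ip route show table 220` and `ip xfrm policy`.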