[strongSwan] updown script not adding routes
Tobias Brunner
tobias at strongswan.org
Tue Feb 17 14:37:26 CET 2015

Hi Christian,

> I've noticed something about the updown script that doesn't seem right.
> With Revision 881e9a7e of src/_updown/_updown.in the
> description of PLUTO_NEXT_HOP got removed, because it is not supported
> by charon. But the usage still remains and is still there @master. What
> currently happens is that the routes are not added at all, because the
> generated command line for "iproute2" is not valid.

These commands have never been used by charon. Charon installs routes
directly via Netlink/PF_ROUTE.

> Because
> PLUTO_NEXT_HOP is not supported by charon this script will try to add a
> route via the peer itself. The peer, in almost all setups, is not in the
> same subnet, so adding this route will fail.

The script will do no such thing because it will never be called with
the route-* commands by the updown plugin. The reason this obsolete
stuff is still in the script is because nobody yet felt a need to remove
it. But since you brought it up, I will give it a go :)

> Did I miss something?

A route should still get installed to table 220 by the kernel-netlink
plugin (on Linux). If that's not the case check the log for errors.

Regards,
Tobias
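
The table 220 check suggested in the reply can be scripted. This is an added example, not part of the original message and not strongSwan code. The function names and sample text are constructed, and it assumes `ip rule show` lists a policy rule that looks up table 220.

```shell
#!/bin/sh
# Added example: verify that a tunnel's remote subnet has a route in routing
# table 220 and that a policy rule sends lookups to that table.

# has_table220_rule RULES_TEXT
# Succeeds if `ip rule show` output contains a rule that looks up table 220.
has_table220_rule() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i < NF; i++)
              if ($i == "lookup" && $(i+1) == "220") found = 1 }
        END { exit found ? 0 : 1 }'
}

# route_in_table220 SUBNET ROUTES_TEXT
# Succeeds if `ip route show table 220` output has an entry for SUBNET.
# The destination is the first field (exact string match, no prefix math).
route_in_table220() {
    printf '%s\n' "$2" | awk -v dst="$1" '
        $1 == dst { found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_tunnel_route SUBNET [RULES_TEXT ROUTES_TEXT]
# With one argument it queries the live system; with three it checks captured
# text. Returns 0 = route present, 1 = route missing, 2 = no rule for table 220.
check_tunnel_route() {
    subnet=$1
    if [ "$#" -ge 3 ]; then
        rules=$2; routes=$3
    else
        rules=$(ip rule show)
        routes=$(ip route show table 220 2>/dev/null)
    fi
    if ! has_table220_rule "$rules"; then
        echo "no policy rule looks up table 220"; return 2
    fi
    if ! route_in_table220 "$subnet" "$routes"; then
        echo "no route for $subnet in table 220; check the charon log"; return 1
    fi
    echo "route for $subnet present in table 220"; return 0
}

# Constructed sample output (addresses and interface are made up).
SAMPLE_RULES='0: from all lookup local
220: from all lookup 220
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='10.1.0.0/16 via 192.168.0.1 dev eth0 proto static src 10.2.0.1'
```

On a gateway, `check_tunnel_route 10.1.0.0/16` with the tunnel's actual remote subnet queries the live tables; a non-zero result is the cue to look through the log for route installation errors.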