[strongSwan] updown script not adding routes
Dennis Jacobfeuerborn
dennisml at conversis.de
Wed Feb 18 03:18:40 CET 2015
On 17.02.2015 14:37, Tobias Brunner wrote:
> Hi Christian,
>
>> I've noticed something about the updown script that doesn't seem right.
>> With Revision 881e9a7e of src/_updown/_updown.in the
>> description of PLUTO_NEXT_HOP got removed, because it is not supported
>> by charon. But the usage still remains and is still there @master. What
>> currently happens is that the routes are not added at all, because the
>> generated command line for "iproute2" is not valid.
>
> These commands have never been used by charon. Charon installs routes
> directly via Netlink/PF_ROUTE.
>
>> Because
>> PLUTO_NEXT_HOP is not supported by charon this script will try to add a
>> route via the peer itself. The peer, in almost all setups, is not in the
>> same subnet, so adding this route will fail.
>
> The script will do no such thing because it will never be called with
> the route-* commands by the updown plugin. The reason this obsolete
> stuff is still in the script is because nobody yet felt a need to remove
> it. But since you brought it up, I will give it a go :)
>
>> Did I miss something?
>
> A route should still get installed to table 220 by the kernel-netlink
> plugin (on Linux). If that's not the case check the log for errors.

Is there a way to list the tables that are in use? How does one detect
the existence of this table?

Regards,
Dennis
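
A sketch of how one could check for table 220 on Linux with iproute2, added here as an example and not taken from the thread or from strongSwan: the helpers parse the output of `ip rule show` and `ip route show table 220`. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Live usage on a Linux host with iproute2:
#   ip rule show | tables_in_rules          # tables referenced by policy rules
#   ip route show table 220 | count_routes  # routes present in table 220
#   ip route show table all                 # every route, in every table
# A table has no existence of its own: it is "in use" when a rule points at
# it or when it holds at least one route, so both views are worth checking.

# Constructed sample of `ip rule show` output (not captured from a real host).
SAMPLE_RULES='0: from all lookup local
220: from all lookup 220
32766: from all lookup main
32767: from all lookup default'

# Constructed sample of `ip route show table 220` output.
SAMPLE_TABLE_220='10.1.0.0/16 via 192.0.2.1 dev eth0 proto static src 10.2.0.1
10.3.0.0/24 via 192.0.2.1 dev eth0 proto static src 10.2.0.1'

# Print every table named after "lookup" in the rules on stdin, unique.
tables_in_rules() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "lookup") print $(i + 1) }' |
        LC_ALL=C sort -u
}

# Succeed if some rule on stdin points at table $1.
rule_references_table() {
    tables_in_rules | grep -qx -- "$1"
}

# Count non-empty route lines on stdin; prints 0 for an empty table.
count_routes() {
    grep -c . || true
}

echo "tables referenced by rules (sample):"
printf '%s\n' "$SAMPLE_RULES" | tables_in_rules
if printf '%s\n' "$SAMPLE_RULES" | rule_references_table 220; then
    echo "a rule points at table 220"
fi
echo "routes in table 220 (sample): $(printf '%s\n' "$SAMPLE_TABLE_220" | count_routes)"
```

A rule that references table 220 while the table itself is empty means no route was installed for the tunnel, which is the case where the log should be checked for errors.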