[strongSwan] updown script not adding routes

litschi@spacewaffles.net litschi at spacewaffles.net
Tue Feb 17 15:01:56 CET 2015


Hi Tobias,
I forgot to mention that I use my own updown script based on your default script to integrate strongswan into my firewall. I'm simply writing all environment variables I'm interested in from that script into a file if client-up is called. My routing tables are also a bit different than in a normal setup. I decided to handle the routes myself and took your script as a starting point. Now I know where I went wrong.

ip route get <peer_ip>

gives me the parameter I was looking for.

So never mind and thanks.

------ Original message ------
From: Tobias Brunner
Date: Tue, 17 Feb 2015 14:38
To: Christian Liebscher; users at lists.strongswan.org
Subject: Re: [strongSwan] updown script not adding routes

Hi Christian,

> I've noticed something about the updown script that doesn't seem right.
> With Revision 881e9a7e of src/_updown/_updown.in the
> description of PLUTO_NEXT_HOP got removed, because it is not supported
> by charon. But the usage still remains and is still there @master. What
> currently happens is that the routes are not added at all, because the
> generated command line for "iproute2" is not valid.

These commands have never been used by charon.  Charon installs routes
directly via Netlink/PF_ROUTE.

> Because
> PLUTO_NEXT_HOP is not supported by charon this script will try to add a
> route via the peer itself. The peer, in almost all setups, is not in the
> same subnet, so adding this route will fail.

The script will do no such thing because it will never be called with
the route-* commands by the updown plugin.  The reason this obsolete
stuff is still in the script is because nobody yet felt a need to remove
it.  But since you brought it up, I will give it a go :)

> Did I miss something?

A route should still get installed to table 220 by the kernel-netlink
plugin (on Linux).  If that's not the case check the log for errors.

Regards,
Tobias
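
Added example (not part of the original thread and not strongSwan project code): one way a custom updown script could derive the next hop toward the peer from `ip route get <peer_ip>` instead of PLUTO_NEXT_HOP. The function names are hypothetical; PLUTO_VERB, PLUTO_PEER and PLUTO_PEER_CLIENT are assumed to be set as in strongSwan's default updown script, and the addresses in the comments are constructed samples.

```shell
#!/bin/sh
# Added example, not strongSwan's own code. It only reports the next hop;
# it does not change any routing table.

# next_hop_from_route_get PEER_IP   (hypothetical helper)
# Reads `ip route get` output on stdin and prints "<gateway> <device>".
# Constructed sample inputs:
#   203.0.113.5 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0   -> 192.0.2.1 eth0
#   192.0.2.77 dev eth1 src 192.0.2.10 uid 0                  -> 192.0.2.77 eth1
# Without a "via" token the peer is on-link, so the peer is the next hop.
# Exits non-zero if no device is found (empty output, unreachable peer).
next_hop_from_route_get() {
    awk -v peer="$1" '
        NR == 1 {
            gw = peer
            for (i = 1; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
        }
        END { if (dev == "") exit 1; print gw, dev }'
}

# peer_next_hop PEER_IP   (hypothetical helper)
# Accepts only characters valid in an IPv4/IPv6 literal, so an empty or
# option-like value from the environment never reaches the ip command line.
peer_next_hop() {
    case $1 in
        ''|*[!0-9A-Fa-f.:]*) return 2 ;;
    esac
    ip route get "$1" 2>/dev/null | next_hop_from_route_get "$1"
}

# Entry point when invoked as the updown script for a client subnet.
if [ "${PLUTO_VERB:-}" = "up-client" ]; then
    if hop=$(peer_next_hop "${PLUTO_PEER:-}"); then
        set -- $hop
        echo "next hop for ${PLUTO_PEER_CLIENT:-}: gateway $1 dev $2"
    else
        echo "no usable route to peer ${PLUTO_PEER:-}" >&2
    fi
fi
```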