[strongSwan] Strongswan using VTI - got it working!
Olivier PELERIN
olivier_pelerin at hotmail.com
Wed Feb 25 14:36:12 CET 2015
Hello,
Apologize for the huge delay but I had many things going on. I will try to restart my environment in a few days. I will paste the Cisco config + the Strongswan side. I'm sure it can be useful for someone.
Regards
Date: Fri, 19 Dec 2014 15:37:32 +0100
From: avalentin at marcant.net
To: users at lists.strongswan.org
Subject: Re: [strongSwan] Strongswan using VTI - got it working!
Hi!
It would be wonderful if you could document your setup in an email to the list, inluding kernel version. I would even create an Wiki Article for it, if it's allowed.
Kind regards,
André
Am 19.12.2014 um 15:11 schrieb Olivier PELERIN:
Thanks Martin!
Quick question, If I understand you well, it's a global setting.
Are you planning to add a knob under the conn itself? It would be nice to be able to control it per conn.
Regards,
Olivier
> Subject: Re: [strongSwan] Strongswan using VTI - got it working!
> From: martin at strongswan.org
> To:
olivier_pelerin at hotmail.com
> CC: schwarz at gaertner.de;
noel at familie-kuntze.de;
users at lists.strongswan.org
> Date: Fri, 19 Dec 2014 15:07:09 +0100
>
>
> > Question: what is the use of that table 220? Do we have a CLI to avoid
> > Strongswan installing that route? It's not necessary in case of VTI.
>
> strongSwan installs routes for negotiated policies to a dedicated
> routing table mainly for two reasons:
> * Avoid any conflicts with the main routing table, for example
> with the default route
> * Ignore routes from this table when doing route lookups for IKE
> traffic; IKE packets should always bypass the tunnel.
>
> To disable automatic route installation, set the install_routes option
> to no in the strongswan.conf "charon" section. The routing_table and
> routing_table_prio options allow you to customize installation of
> routes.
>
> Regards
> Martin
>
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Mit freundlichen Grüßen
André Valentin
Systemadministrator
--
MarcanT GmbH, Ravensberger Str. 10 G, D - 33602 Bielefeld
Fon: +49 (521) 95945-0 | Fax: +49 (521) 95945-18
URL: http://www.marcant.net | http://www.global-m2m.com
Internet * Netzwerk * Mobile Daten
Citrix Silver Solution Advisor
Geschäftsführer: Thorsten Hojas
Handelsregister: AG Bielefeld, HRB 35827 USt-ID Nr.: DE 190203238
___________________________________________________________
Ausserhalb unserer Geschäftszeiten (Montag bis Freitag von 8:30 Uhr bis
17:30 Uhr, ausgenommen gesetzliche Feiertage in NRW) stehen wir Ihnen
gemäß Ihrer jeweiligen Service-Level-Agreements unter der Ihnen
mitgeteilten Telefonnummer für Störungen und Notfälle zur Verfügung.
Sie können natürlich auch gerne jederzeit unter support at marcant.net ein
Ticket eröffnen, welches am nächsten Arbeitstag bearbeitet wird.
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150225/fb80bcf2/attachment.html>
More information about the Users
mailing list