[strongSwan] %any picks IPv6 link-local address
David Härdeman
david at hardeman.nu
Mon Oct 24 12:26:32 CEST 2016
October 7, 2016 9:39 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:
>>> An alternative is using the native source lookup by setting
>>> charon.plugins.kernel-netlink.fwmark [2].
>>
>> I tried that (both with only fwmark set to !0x42 and with fwmark set to
>> !0x42 and socket-default set to 0x42). While it did help a bit (the
>> right source IP address was used and the tunnel negotiation completed),
>> I ended up getting error messages from netlink about invalid routes
>> instead.
>
> Could you provide more information on this (e.g. a log with the log
> level for knl set to 2)? When exactly did you get the errors? During
> installation of the routes?
First of all, sorry about the delay in replying...
Yes, the error messages were printed during the installation of the routes (I use route=auto and the error messages were printed as soon as I restarted the Strongswan daemon after changing the config files to use fwmark).
I'll try to get you better log output at a later date. Right now I'm in the process of migrating to newer hardware (a Turris Omnia) and it'll take some time before I've managed to get 5.5.1 built and installed (there's already a pull request in the OpenWRT repo to update their package to 5.5.1).
Regards,
David
More information about the Users
mailing list