[strongSwan] Tunnels with dynamic IP and another route issue

[Noel Kuntze]

On 03.05.2017 13:27, Dusan Ilic wrote:
> The log just says that sometimes it chooses 0.0.0.0 as source, sometimes the gateway local Ip and sometimes the correct Public IP. Dont know if the problem is that left is %any as you proposed?

No. It's a race condition in your network initialization. You need to make sure your routes have source hints.

> 
> Also, Strongswan pick the LAN shunt connection for some incoming connections attempts.
> 

That's because you don't bind them to localhost with left=127.0.0.1 and right=127.0.0.1. Charon doesn't exclude shunt configurations when doing a configuration lookup for other peers.

> Another issue with the full tunnel connection, when it doesnt suceed connecting it still puts default route and all internet gets cut off. Ideally this should be done after connection is established?

Logs.

> 
> Also having issues stopping and restarting. Log file says that charon isnt responding and had to be killed. As you can se, it just starten acting weird...

Logs.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170506/a47f83ac/attachment.sig>