[strongSwan] Tunnels with dynamic IP and another route issue

[Dusan Ilic]

Source hints?
I dont think so, I have noticed that it depends on which routing table 
in strongswn.conf is configured for charon to install routes. The 
behaviour seem different if I use 220, table 0 or main routing table. I 
think if I use main routing table for route installation the source IP 
of the IKE transmission is 0.0.0.0, if I choose 0 or 220 its correct. 
Strange, having a hard time really grasping how all of this works "under 
the hood"...

Your right, it works much better now when added left/right=127.0.0.1. 
Thanks!

The two other issues seem to have gone away after modifications to 
routing tables, strongswan.conf and so on. Tried everything, almost 
impossible to remember what solves what :)


Den 2017-05-06 kl. 17:51, skrev Noel Kuntze:
>
> On 03.05.2017 13:27, Dusan Ilic wrote:
>> The log just says that sometimes it chooses 0.0.0.0 as source, sometimes the gateway local Ip and sometimes the correct Public IP. Dont know if the problem is that left is %any as you proposed?
> No. It's a race condition in your network initialization. You need to make sure your routes have source hints.
>
>> Also, Strongswan pick the LAN shunt connection for some incoming connections attempts.
>>
> That's because you don't bind them to localhost with left=127.0.0.1 and right=127.0.0.1. Charon doesn't exclude shunt configurations when doing a configuration lookup for other peers.
>
>> Another issue with the full tunnel connection, when it doesnt suceed connecting it still puts default route and all internet gets cut off. Ideally this should be done after connection is established?
> Logs.
>
>> Also having issues stopping and restarting. Log file says that charon isnt responding and had to be killed. As you can se, it just starten acting weird...
> Logs.
>