[strongSwan] Tunnels with dynamic IP and another route issue

Dusan Ilic dusan at comhem.se
Sat May 6 20:53:16 CEST 2017


Sorry, other way around, 32666 and 220 works, but 0 doesn't.

0:      from all lookup local
101:    from 90.225.194.x lookup WAN1
102:    from 10.248.0.x lookup WAN2
103:    from 85.24.240.x lookup WAN3
121:    from all fwmark 0x100/0xf00 lookup WAN1
122:    from all fwmark 0x200/0xf00 lookup WAN2
123:    from all fwmark 0x300/0xf00 lookup WAN3
220:    from all lookup main
32766:  from all lookup main
32767:  from all lookup default

Den 2017-05-06 kl. 17:51, skrev Noel Kuntze:
>
> On 03.05.2017 13:27, Dusan Ilic wrote:
>> The log just says that sometimes it chooses 0.0.0.0 as source, sometimes the gateway local Ip and sometimes the correct Public IP. Dont know if the problem is that left is %any as you proposed?
> No. It's a race condition in your network initialization. You need to make sure your routes have source hints.
>
>> Also, Strongswan pick the LAN shunt connection for some incoming connections attempts.
>>
> That's because you don't bind them to localhost with left=127.0.0.1 and right=127.0.0.1. Charon doesn't exclude shunt configurations when doing a configuration lookup for other peers.
>
>> Another issue with the full tunnel connection, when it doesnt suceed connecting it still puts default route and all internet gets cut off. Ideally this should be done after connection is established?
> Logs.
>
>> Also having issues stopping and restarting. Log file says that charon isnt responding and had to be killed. As you can se, it just starten acting weird...
> Logs.
>



More information about the Users mailing list