[strongSwan] Source IP in routing table

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Dec 28 15:01:12 CET 2018


Hello,

strongSwan generally uses the routing table(s) for figuring out which srcip is legal.

What's in your routing tables and what are your routing rules?
(`ip r show table all` and `ip ru`)

Kind regards

Noel

On 28.12.18 at 14:35, Hoggins! wrote:
> Well,
> 
> I got away with setting install_routes to no and manually installing
> them on startup.
> I guess I could use a leftupdown script to get all this when the tunnel
> is closed/reopened.
> 
> Anyway that'd be nice to have some control over these routes when
> install_routes is set to yes.
> 
>     Hoggins!
> 
> On 24/12/2018 at 23:07, Hoggins! wrote:
>> Hello list,
>>
>> I had a perfectly working setup that I built on top of a machine that
>> never rebooted for several months. Multiple interfaces, multiple IP
>> addresses on the same machine, the default source address has always
>> been 192.168.22.10 in routing table 220. After the last reboot, I found
>> out that the routing table came different:
>>
>>     ~# ip route show table 220
>>     192.168.12.0/24 via X.X.X.X dev ppp0  proto static  src 192.168.35.10
>>     192.168.33.0/24 via X.X.X.X dev ppp0  proto static  src 192.168.35.10
>>     192.168.55.0/24 via X.X.X.X dev ppp0  proto static  src 192.168.35.10
>>     192.168.66.0/24 via X.X.X.X dev ppp0  proto static  src 192.168.35.10
>>
>>
>> Before, the 192.168.35.10 source address was 192.168.22.10 and
>> everything was set up around this. To overcome this situation, my first
>> solution was to SNAT a lot and it's working alright, but not for the SIP
>> protocol for example, and I'm stuck there.
>> So I was wondering if there was any kind of control over the source
>> address in the routing table 220 that would allow me to set
>> 192.168.22.10 back again.
>>
>> This 192.168.35.10 is not even the source address for the default
>> gateway, so I really wonder why StrongSWAN chooses this address as the
>> source one. Any idea?
>>
>> Thanks!
>>
>>     Hoggins!
>>
> 
> 
