[strongSwan] Redirect 0.0.0.0/0 into tunnel for local side

Tobias Brunner tobias at strongswan.org
Mon Jul 23 11:07:41 CEST 2018


Hi Kevin,

> I set "rightsubnet=0.0.0.0/0" which was working
> perfectly fine but after today's update, strongswan edits the default
> route of the main kernel table to ipsec0 which effectively cuts off all
> management access.

strongSwan should install its routes in table 220, by default, not the
main routing table (not that it makes much of a difference). But how
did you enable management access before?  Bypass/passthrough policies?
Did you actually use the kernel-libipsec plugin [1] with the old
version?  Or was this installed/enabled by mistake during the update?
If that's the case, disable it [2] (it currently doesn't support such
policies).

> Also I set charon.install_routes to no but it still modifies the route.

That's because kernel-libipsec doesn't work without routes.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/kernel-libipsec
[2] https://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
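
A triage sketch for the situation discussed in this thread, added here as an example and not taken from the thread or from the strongSwan project: it lists every default route together with the routing table it sits in, parsed from `ip route show table all` output, so a default route on the TUN device stands out whether it landed in the main table or in table 220. The function names and the sample routes are constructed for illustration; `ipsec0` and table 220 are the names used in the thread.

```shell
#!/bin/sh
# Added example: classify default routes from `ip route show table all` output.
# Input is read from stdin so the functions can be exercised offline.

# Print "<table> <dev>" for every default route in the input.
# Routes in the main table carry no "table" keyword in this output format.
default_routes() {
    awk '
        $1 == "default" || $1 == "0.0.0.0/0" {
            table = "main"; dev = "-"
            for (i = 2; i < NF; i++) {
                if ($i == "table") table = $(i + 1)
                if ($i == "dev")   dev   = $(i + 1)
            }
            print table, dev
        }'
}

# Succeed when some default route (in any table) points at device $1.
default_via_dev() {
    default_routes | awk -v d="$1" '$2 == d { found = 1 } END { exit !found }'
}

# Constructed sample input (not captured from a real host).
sample_routes() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
default dev ipsec0 table 220 scope link
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
EOF
}

# On a live host: ip route show table all | default_routes
sample_routes | default_routes
```

A default route on `ipsec0` in either table means management traffic needs an explicit exception, or the plugin should be disabled as described in [2].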

