[strongSwan] Redirect into tunnel for local side

Tobias Brunner tobias at strongswan.org
Mon Jul 23 11:07:41 CEST 2018

Hi Kevin,

> I set "rightsubnet=" which was working
> perfectly fine but after todays update, strongswan edits the default
> route of the main kernel table to ipsec0 which effectivly cuts of all
> management access.

strongSwan should install its routes in table 220, by default, not the
main routing table (not that it makes much of a difference).   But how
did you enable management access before?  Bypass/passthrough policies?
Did you actually use the kernel-libipsec plugin [1] with the old
version?  Or was this installed/enabled by mistake during the update.
If that's the case, disable it [2] (it currently doesn't support such

> Also I set charon.install_routes to no but it still modifies the route.

That's because kernel-libipsec doesn't work without routes.


[1] https://wiki.strongswan.org/projects/strongswan/wiki/kernel-libipsec
[2] https://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

More information about the Users mailing list