[strongSwan] Redirect 0.0.0.0/0 into tunnel for local side
tobias at strongswan.org
Mon Jul 23 11:07:41 CEST 2018
> I set "rightsubnet=0.0.0.0/0" which was working
> perfectly fine but after todays update, strongswan edits the default
> route of the main kernel table to ipsec0 which effectivly cuts of all
> management access.
strongSwan should install its routes in table 220, by default, not the
main routing table (not that it makes much of a difference). But how
did you enable management access before? Bypass/passthrough policies?
Did you actually use the kernel-libipsec plugin  with the old
version? Or was this installed/enabled by mistake during the update.
If that's the case, disable it  (it currently doesn't support such
> Also I set charon.install_routes to no but it still modifies the route.
That's because kernel-libipsec doesn't work without routes.
More information about the Users