[strongSwan] "sending keep alive" seems breaking VPN connection
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Jun 8 17:07:57 CEST 2018
Hi,
Try setting charon.interfaces_use=bond0
Kind regards
Noel
On 06.06.2018 11:47, Gilles Printemps wrote:
> Hi Noel/Tobias,
> I've done the modification in the script as highlighted but, unfortunately, I still have the same problem:
> After 2 minutes, when I'm executing the same command, it's failing...
> $ sudo -u vpn -i -- curl ipinfo.io <http://ipinfo.io>
> curl: (6) Could not resolve host: ipinfo.io <http://ipinfo.io>
>
> My routing script:
>
> export TABLE_ID="vpn"
> export VPN_USER="vpn"
> export VTI_INTERFACE="vti0"
> export LOCAL_IP="192.168.0.30"
> #export LOCAL_IP="10.211.55.3"
>
> # Flush iptables rules
> iptables -F -t nat
> iptables -F -t mangle
> iptables -F -t filter
> # Mark packets from $VPN_USER
> iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
> iptables -t mangle -A OUTPUT ! --dest $LOCAL_IP -m owner --uid-owner $VPN_USER -j MARK --set-mark 0x1
> iptables -t mangle -A OUTPUT ! --src $LOCAL_IP -m owner --uid-owner $VPN_USER -j MARK --set-mark 0x1
> iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
> # Deny $VPN_USER to access other interfaces than lo
> # iptables -A OUTPUT ! -o lo -m owner --uid-owner $VPN_USER -j DROP
> # Allow $VPN_USER to access lo and VPN interfaces
> iptables -A OUTPUT -o lo -m owner --uid-owner $VPN_USER -j ACCEPT
> iptables -A OUTPUT -o $VTI_INTERFACE -m owner --uid-owner $VPN_USER -j ACCEPT
>
> # Allow response from $VPN_INTERFACE
> iptables -A INPUT -i $VTI_INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT
> # Masquarade packets on $VPN_INTERFACE
> iptables -t nat -A POSTROUTING -o $VTI_INTERFACE -j MASQUERADE
> # Routing rules
> GATEWAY=$(ifconfig $VTI_INTERFACE |
> egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' |
> egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
> ip route replace default via $GATEWAY table $TABLE_ID
> ip route append default via 127.0.0.1 dev lo table $TABLE_ID
> ip route flush cache
>
>
> I really don't understand how this issue can be related to a routing table. Indeed, just after starting the VPN, connection is working fine and command is returning the right result.
>
> Please find below the routing table status after each steps..
> How it will help for finding where this issue is coming from...
> BR Gilles
>
> $ sudo ipsec start
> $ sudo ipsec statusall
>
> Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.4.0-127-generic, x86_64):
> uptime: 8 seconds,
> malloc: sbrk 3088384, mmap 0, used 1304704, free 1783680
> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
> loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap tnc-tnccs dhcp certexpire radattr addrblock unity
> Listening IP addresses:
> 192.168.0.30
> Connections:
> VPN: %any...free-nl.hide.me <http://free-nl.hide.me> IKEv2, dpddelay=30s
> VPN: local: uses EAP_MSCHAPV2 authentication with EAP identity 'gprintemps'
> VPN: remote: uses public key authentication
> VPN: child: dynamic === 0.0.0.0/0 <http://0.0.0.0/0> TUNNEL, dpdaction=restart
> Routed Connections:
> VPN{1}: ROUTED, TUNNEL, reqid 1
> VPN{1}: 192.168.0.30/32 <http://192.168.0.30/32> === 0.0.0.0/0 <http://0.0.0.0/0>
> Security Associations (0 up, 0 connecting):
> none
>
>
> $ sudo ip route show table all
>
> default via 127.0.0.1 dev lo table vpn
> default via 192.168.0.1 dev bond0 onlink
> 192.168.0.0/24 <http://192.168.0.0/24> dev bond0 proto kernel scope link src 192.168.0.30
> broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
> local 127.0.0.0/8 <http://127.0.0.0/8> dev lo table local proto kernel scope host src 127.0.0.1
> local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
> broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
> broadcast 192.168.0.0 dev bond0 table local proto kernel scope link src 192.168.0.30
> local 192.168.0.30 dev bond0 table local proto kernel scope host src 192.168.0.30
> broadcast 192.168.0.255 dev bond0 table local proto kernel scope link src 192.168.0.30
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> fe80::/64 dev bond0 proto kernel metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> local ::1 dev lo table local proto none metric 0 pref medium
> local fe80:: dev lo table local proto none metric 0 pref medium
> local fe80::ca1f:66ff:fecb:1faf dev lo table local proto none metric 0 pref medium
> ff00::/8 dev bond0 table local metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
>
>
> $ sudo ipsec up VPN
> ...
> connection 'VPN' established successfully
>
> $ sudo -u vpn -i -- curl ipinfo.io <http://ipinfo.io>
>
> {
> "ip": "95.211.101.229",
> "city": "",
> "region": "",
> "country": "NL",
> "loc": "52.3824,4.8995",
> "org": "AS60781 LeaseWeb Netherlands B.V."
> }
>
>
> $ sudo ifconfig (vti0 and bond0 interfaces)
>
> bond0 Link encap:Ethernet HWaddr c8:1f:66:cb:1f:af
> inet addr:192.168.0.30 Bcast:192.168.0.255 Mask:255.255.255.0
> inet6 addr: fe80::ca1f:66ff:fecb:1faf/64 Scope:Link
> UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
> RX packets:1239225 errors:13 dropped:1649 overruns:0 frame:3
> TX packets:664640 errors:0 dropped:3 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:298208189 (298.2 MB) TX bytes:123692731 (123.6 MB)
> vti0 Link encap:IPIP Tunnel HWaddr
> inet addr:10.3.153.58 P-t-P:10.3.153.58 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MTU:1332 Metric:1
> RX packets:6 errors:0 dropped:0 overruns:0 frame:0
> TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1
> RX bytes:957 (957.0 B) TX bytes:503 (503.0 B)
>
>
> $ sudo ipsec statusall
>
> Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.4.0-127-generic, x86_64):
> uptime: 95 seconds,
> malloc: sbrk 3629056, mmap 0, used 1409056, free 2220000
> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4
> loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap tnc-tnccs dhcp certexpire radattr addrblock unity
> Listening IP addresses:
> 192.168.0.30
> 10.3.153.58
> Connections:
> VPN: %any...free-nl.hide.me <http://free-nl.hide.me> IKEv2, dpddelay=30s
> VPN: local: uses EAP_MSCHAPV2 authentication with EAP identity 'gprintemps'
> VPN: remote: uses public key authentication
> VPN: child: dynamic === 0.0.0.0/0 <http://0.0.0.0/0> TUNNEL, dpdaction=restart
> Routed Connections:
> VPN{1}: ROUTED, TUNNEL, reqid 1
> VPN{1}: 192.168.0.30/32 <http://192.168.0.30/32> === 0.0.0.0/0 <http://0.0.0.0/0>
> Security Associations (1 up, 0 connecting):
> VPN[1]: ESTABLISHED 33 seconds ago, 192.168.0.30[192.168.0.30]...95.211.101.201[C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me <http://hide.me>]
> VPN[1]: IKEv2 SPIs: ced6fd317e98294d_i* 08a6a85a2e5367a6_r, EAP reauthentication in 2 hours
> VPN[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384
> VPN{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c3519ebd_i c3e6821b_o
> VPN{2}: AES_CBC_256/HMAC_SHA2_256_128, 957 bytes_i (6 pkts, 25s ago), 532 bytes_o (9 pkts, 25s ago), rekeying in 46 minutes
> VPN{2}: 10.3.153.58/32 <http://10.3.153.58/32> === 0.0.0.0/0 <http://0.0.0.0/0>
>
>
> $ sudo ip route show table all
>
> default via 10.3.153.58 dev vti0 table vpn
> default via 127.0.0.1 dev lo table vpn
> default via 192.168.0.1 dev bond0 onlink
> 192.168.0.0/24 <http://192.168.0.0/24> dev bond0 proto kernel scope link src 192.168.0.30
> local 10.3.153.58 dev vti0 table local proto kernel scope host src 10.3.153.58
> broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
> local 127.0.0.0/8 <http://127.0.0.0/8> dev lo table local proto kernel scope host src 127.0.0.1
> local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
> broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
> broadcast 192.168.0.0 dev bond0 table local proto kernel scope link src 192.168.0.30
> local 192.168.0.30 dev bond0 table local proto kernel scope host src 192.168.0.30
> broadcast 192.168.0.255 dev bond0 table local proto kernel scope link src 192.168.0.30
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> fe80::/64 dev bond0 proto kernel metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> local ::1 dev lo table local proto none metric 0 pref medium
> local fe80:: dev lo table local proto none metric 0 pref medium
> local fe80::ca1f:66ff:fecb:1faf dev lo table local proto none metric 0 pref medium
> ff00::/8 dev bond0 table local metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
>
>
> Display of all routing tables
>
> Filter table:Chain INPUT (policy ACCEPT 189 packets, 15132 bytes)
> pkts bytes target prot opt in out source destination
> 6 957 ACCEPT all -- vti0 any anywhere anywhere ctstate ESTABLISHED
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> Chain OUTPUT (policy ACCEPT 185 packets, 26720 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- any lo anywhere anywhere owner UID match vpn
> 0 0 ACCEPT all -- any vti0 anywhere anywhere owner UID match vpn
> Nat table:Chain PREROUTING (policy ACCEPT 2 packets, 136 bytes)
> pkts bytes target prot opt in out source destination
> Chain INPUT (policy ACCEPT 2 packets, 136 bytes)
> pkts bytes target prot opt in out source destination
> Chain OUTPUT (policy ACCEPT 30 packets, 2361 bytes)
> pkts bytes target prot opt in out source destination
> Chain POSTROUTING (policy ACCEPT 28 packets, 2246 bytes)
> pkts bytes target prot opt in out source destination
> 2 115 MASQUERADE all -- any vti0 anywhere anywhere
> Mangle table:
> Chain PREROUTING (policy ACCEPT 195 packets, 16089 bytes)
> pkts bytes target prot opt in out source destination
> Chain INPUT (policy ACCEPT 195 packets, 16089 bytes)
> pkts bytes target prot opt in out source destination
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> Chain OUTPUT (policy ACCEPT 193 packets, 28964 bytes)
> pkts bytes target prot opt in out source destination
> 193 28964 CONNMARK all -- any any anywhere anywhere CONNMARK restore
> 14 1439 MARK all -- any any anywhere !coruscant.printemps.cc <http://coruscant.printemps.cc> owner UID match vpn MARK set 0x1
> 0 0 MARK all -- any any !coruscant.printemps.cc <http://coruscant.printemps.cc> anywhere owner UID match vpn MARK set 0x1
> 193 28964 CONNMARK all -- any any anywhere anywhere CONNMARK save
> Chain POSTROUTING (policy ACCEPT 211 packets, 30421 bytes)
> pkts bytes target prot opt in out source destination
>
>
>
> After ~2 minutes, connection is broken
> $ sudo -u vpn -i -- curl ipinfo.io <http://ipinfo.io>
> curl: (6) Could not resolve host: ipinfo.io <http://ipinfo.io>
>
> $ sudo ipsec statusall
>
> Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.4.0-127-generic, x86_64):
> uptime: 3 minutes,
> malloc: sbrk 3629056, mmap 0, used 1411312, free 2217744
> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 5
> loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap tnc-tnccs dhcp certexpire radattr addrblock unity
> Listening IP addresses:
> 192.168.0.30
> 10.3.153.58
> Connections:
> VPN: %any...free-nl.hide.me <http://free-nl.hide.me> IKEv2, dpddelay=30s
> VPN: local: uses EAP_MSCHAPV2 authentication with EAP identity 'gprintemps'
> VPN: remote: uses public key authentication
> VPN: child: dynamic === 0.0.0.0/0 <http://0.0.0.0/0> TUNNEL, dpdaction=restart
> Routed Connections:
> VPN{1}: ROUTED, TUNNEL, reqid 1
> VPN{1}: 192.168.0.30/32 <http://192.168.0.30/32> === 0.0.0.0/0 <http://0.0.0.0/0>
> Security Associations (1 up, 0 connecting):
> VPN[1]: ESTABLISHED 2 minutes ago, 192.168.0.30[192.168.0.30]...95.211.101.201[C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me <http://hide.me>]
> VPN[1]: IKEv2 SPIs: ced6fd317e98294d_i* 08a6a85a2e5367a6_r, EAP reauthentication in 2 hours
> VPN[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384
> VPN[1]: Tasks active: IKE_MOBIKE
> VPN{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c3519ebd_i c3e6821b_o
> VPN{2}: AES_CBC_256/HMAC_SHA2_256_128, 957 bytes_i (6 pkts, 161s ago), 4127 bytes_o (52 pkts, 27s ago), rekeying in 44 minutes
> VPN{2}: 10.3.153.58/32 <http://10.3.153.58/32> === 0.0.0.0/0 <http://0.0.0.0/0>
>
>
> $ sudo ifconfig (vti0 and bond0 interfaces)
>
> bond0 Link encap:Ethernet HWaddr c8:1f:66:cb:1f:af
> inet addr:192.168.0.30 Bcast:192.168.0.255 Mask:255.255.255.0
> inet6 addr: fe80::ca1f:66ff:fecb:1faf/64 Scope:Link
> UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
> RX packets:1240273 errors:13 dropped:1651 overruns:0 frame:3
> TX packets:665233 errors:0 dropped:3 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:298394839 (298.3 MB) TX bytes:123780036 (123.7 MB)
> vti0 Link encap:IPIP Tunnel HWaddr
> inet addr:10.3.153.58 P-t-P:10.3.153.58 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MTU:1332 Metric:1
> RX packets:6 errors:0 dropped:0 overruns:0 frame:0
> TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1
> RX bytes:957 (957.0 B) TX bytes:4098 (4.0 KB)
>
>
> $ sudo ip route show table all
>
> default via 10.3.153.58 dev vti0 table vpn
> default via 127.0.0.1 dev lo table vpn
> default via 192.168.0.1 dev bond0 onlink
> 192.168.0.0/24 <http://192.168.0.0/24> dev bond0 proto kernel scope link src 192.168.0.30
> local 10.3.153.58 dev vti0 table local proto kernel scope host src 10.3.153.58
> broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
> local 127.0.0.0/8 <http://127.0.0.0/8> dev lo table local proto kernel scope host src 127.0.0.1
> local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
> broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
> broadcast 192.168.0.0 dev bond0 table local proto kernel scope link src 192.168.0.30
> local 192.168.0.30 dev bond0 table local proto kernel scope host src 192.168.0.30
> broadcast 192.168.0.255 dev bond0 table local proto kernel scope link src 192.168.0.30
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> fe80::/64 dev bond0 proto kernel metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> local ::1 dev lo table local proto none metric 0 pref medium
> local fe80:: dev lo table local proto none metric 0 pref medium
> local fe80::ca1f:66ff:fecb:1faf dev lo table local proto none metric 0 pref medium
> ff00::/8 dev bond0 table local metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
>
>
>
> After ~2minutes, connection is restarted...
> $ sudo -u vpn -i -- curl ipinfo.io <http://ipinfo.io>
>
> {
> "ip": "109.201.137.48",
> "hostname": "",
> "city": "Amsterdam",
> "region": "Noord-Holland",
> "country": "NL",
> "loc": "52.3666,4.9027",
> "postal": "1066",
> "org": "AS43350 NForce Entertainment B.V."
> }
>
>
> $ sudo ipsec statusall
>
> Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.4.0-127-generic, x86_64):
> uptime: 6 minutes,
> malloc: sbrk 3629056, mmap 0, used 1434848, free 2194208
> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 7
> loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap tnc-tnccs dhcp certexpire radattr addrblock unity
> Listening IP addresses:
> 192.168.0.30
> 10.3.189.169
> Connections:
> VPN: %any...free-nl.hide.me <http://free-nl.hide.me> IKEv2, dpddelay=30s
> VPN: local: uses EAP_MSCHAPV2 authentication with EAP identity 'gprintemps'
> VPN: remote: uses public key authentication
> VPN: child: dynamic === 0.0.0.0/0 <http://0.0.0.0/0> TUNNEL, dpdaction=restart
> Routed Connections:
> VPN{1}: ROUTED, TUNNEL, reqid 1
> VPN{1}: 192.168.0.30/32 <http://192.168.0.30/32> === 0.0.0.0/0 <http://0.0.0.0/0>
> Security Associations (1 up, 0 connecting):
> VPN[2]: ESTABLISHED 61 seconds ago, 192.168.0.30[192.168.0.30]...109.201.137.46[C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me <http://hide.me>]
> VPN[2]: IKEv2 SPIs: 5855a17374bc3cee_i* cedf941ba5dff66d_r, EAP reauthentication in 2 hours
> VPN[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384
> VPN[2]: Tasks active: CHILD_CREATE
> VPN{3}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: ca615d08_i c38d7138_o
> VPN{3}: AES_CBC_256/HMAC_SHA2_256_128, 1017 bytes_i (6 pkts, 31s ago), 503 bytes_o (8 pkts, 31s ago), rekeying in 44 minutes
> VPN{3}: 10.3.189.169/32 <http://10.3.189.169/32> === 0.0.0.0/0 <http://0.0.0.0/0>
>
>
> $ sudo ip route show table all
>
> default via 10.3.189.169 dev vti0 table vpn
> default via 127.0.0.1 dev lo table vpn
> default via 192.168.0.1 dev bond0 onlink
> 192.168.0.0/24 <http://192.168.0.0/24> dev bond0 proto kernel scope link src 192.168.0.30
> local 10.3.189.169 dev vti0 table local proto kernel scope host src 10.3.189.169
> broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
> local 127.0.0.0/8 <http://127.0.0.0/8> dev lo table local proto kernel scope host src 127.0.0.1
> local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
> broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
> broadcast 192.168.0.0 dev bond0 table local proto kernel scope link src 192.168.0.30
> local 192.168.0.30 dev bond0 table local proto kernel scope host src 192.168.0.30
> broadcast 192.168.0.255 dev bond0 table local proto kernel scope link src 192.168.0.30
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> fe80::/64 dev bond0 proto kernel metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
> local ::1 dev lo table local proto none metric 0 pref medium
> local fe80:: dev lo table local proto none metric 0 pref medium
> local fe80::ca1f:66ff:fecb:1faf dev lo table local proto none metric 0 pref medium
> ff00::/8 dev bond0 table local metric 256 pref medium
> unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 pref medium
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180608/54174c98/attachment-0001.sig>
More information about the Users
mailing list