[strongSwan] Kernel routing table missing entry
tobias at strongswan.org
Tue Nov 20 10:17:17 CET 2018
> I dont understand how this is possible. Is there another lower-level
> routing table?
Yes and no. There are additional routing tables, which you won't see
with the old route command, use the `ip` command from the iproute2
package instead to see the routes installed by strongSwan in routing
table 220 (`ip route list table 220`). However, IPsec in Linux is not
route- but policy-based (you see these IPsec policies with `ip xfrm
policy`). Depending on the negotiated policies and the already
installed routes those in table 220 are not really required (but they
make sure the correct source IP address is selected when sending packets
directly from this host).
More information about the Users