[strongSwan] What adds the rule for route table 220?
Ben Greear
greearb at candelatech.com
Wed Sep 18 15:47:00 CEST 2019
On 9/18/19 5:16 AM, Ben Greear wrote:
>
>
> On 09/18/2019 02:58 AM, Tobias Brunner wrote:
>> Hi Ben,
>>
>>> How can we keep this rule from being added?
>>
>> Route installation may be disabled via charon.install_routes in
>> strongswan.conf [1].
>>
>> Regards,
>> Tobias
>>
>> [1] https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
>
>
> I will check on that.
>
> But, if there are no interfaces configured for ipsec, should it still install
> the rule anyway?
Would you expect this to work?
# cat local/etc/strongswan.d/charon-lf.conf
charon {
install_routes = no
}
I also tried adding the install_routes = no line
directly into the strongswan.conf file.
Please note, I am wanting the rule itself to not be added, not just no routes
in the 220 table.
[root at jed-heatsink1 lanforge]# ip ru show
400: from 192.168.5.5 lookup 1
1000: from all lookup [l3mdev-table]
1512: from all lookup local
32766: from all lookup main
32767: from all lookup default
[root at jed-heatsink1 lanforge]# systemctl start strongswan-starter.service
[root at jed-heatsink1 lanforge]# ip ru show
220: from all lookup 220
400: from 192.168.5.5 lookup 1
1000: from all lookup [l3mdev-table]
1512: from all lookup local
32766: from all lookup main
32767: from all lookup default
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Users
mailing list