[strongSwan] What adds the rule for route table 220?

Ben Greear greearb at candelatech.com
Wed Sep 18 15:47:00 CEST 2019


On 9/18/19 5:16 AM, Ben Greear wrote:
> 
> 
> On 09/18/2019 02:58 AM, Tobias Brunner wrote:
>> Hi Ben,
>>
>>> How can we keep this rule from being added?
>>
>> Route installation may be disabled via charon.install_routes in
>> strongswan.conf [1].
>>
>> Regards,
>> Tobias
>>
>> [1] https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
> 
> 
> I will check on that.
> 
> But, if there are no interfaces configured for ipsec, should it still install
> the rule anyway?

Would you expect this to work?

# cat local/etc/strongswan.d/charon-lf.conf
charon {
    install_routes = no
}

I also tried adding the install_routes = no line
directly into the strongswan.conf file.

Please note, I am wanting the rule itself to not be added, not just no routes
in the 220 table.

[root at jed-heatsink1 lanforge]# ip ru show
400:	from 192.168.5.5 lookup 1
1000:	from all lookup [l3mdev-table]
1512:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
[root at jed-heatsink1 lanforge]# systemctl start strongswan-starter.service
[root at jed-heatsink1 lanforge]# ip ru show
220:	from all lookup 220
400:	from 192.168.5.5 lookup 1
1000:	from all lookup [l3mdev-table]
1512:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com


