[strongSwan] What adds the rule for route table 220?

Ben Greear greearb at candelatech.com
Wed Sep 18 19:12:40 CEST 2019


On 9/18/19 9:58 AM, Tobias Brunner wrote:
> Hi Ben,
> 
>> Do you know if the routing rules are required to bind the ike and related
>> messages to an xfrm device?
> 
> strongSwan won't install routes for policies that reference XFRM
> interfaces, see [1].

Ok, I see the main problem.

We were using table-id 220 for our ~220th interface, and we were not expecting
any rules to point towards it.  So that is why just having the rule in place
was breaking our setup.

I guess I can configure strongswan to use table-id 22000 or something like
that well out of our range?

Thanks,
Ben

> 
> Regards,
> Tobias
> 
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-Interfaces-on-Linux
> 


-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com



More information about the Users mailing list