[strongSwan] What adds the rule for route table 220?
Ben Greear
greearb at candelatech.com
Wed Sep 18 19:12:40 CEST 2019
On 9/18/19 9:58 AM, Tobias Brunner wrote:
> Hi Ben,
>
>> Do you know if the routing rules are required to bind the ike and related
>> messages to an xfrm device?
>
> strongSwan won't install routes for policies that reference XFRM
> interfaces, see [1].
Ok, I see the main problem.
We were using table-id 220 for our ~220th interface, and we were not expecting
any rules to point towards it. So that is why just having the rule in place
was breaking our setup.
I guess I can configure strongswan to use table-id 22000 or something like
that well out of our range?
Thanks,
Ben
>
> Regards,
> Tobias
>
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-Interfaces-on-Linux
>
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Users
mailing list