[strongSwan] What adds the rule for route table 220?
Hoggins!
hoggins at radiom.fr
Mon Sep 23 11:35:06 CEST 2019
Hi Ben,
In charon.conf, the routing_table option lets you configure the table
number.
The comment associated with this option does not say what is the
accepted range, though.
Hoggins!
Le 18/09/2019 à 19:12, Ben Greear a écrit :
> On 9/18/19 9:58 AM, Tobias Brunner wrote:
>> Hi Ben,
>>
>>> Do you know if the routing rules are required to bind the ike and
>>> related
>>> messages to an xfrm device?
>>
>> strongSwan won't install routes for policies that reference XFRM
>> interfaces, see [1].
>
> Ok, I see the main problem.
>
> We were using table-id 220 for our ~220th interface, and we were not
> expecting
> any rules to point towards it. So that is why just having the rule in
> place
> was breaking our setup.
>
> I guess I can configure strongswan to use table-id 22000 or something
> like
> that well out of our range?
>
> Thanks,
> Ben
>
>>
>> Regards,
>> Tobias
>>
>> [1]
>> https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN#XFRM-Interfaces-on-Linux
>>
>>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190923/f7d13904/attachment.sig>
More information about the Users
mailing list