[strongSwan] kernel traps with auto=route, and "install_routes=no" - how to view traps installed and the routes if any installed by Strongswan-Charon
tobias at strongswan.org
Mon Oct 26 14:34:15 CET 2020
> root# ip route show table 220
> 192.168.6.0/24 via 18.104.22.168 dev eth0 proto
> static src 192.168.1.1
> - So when I send a ping from the Local-PC to Remote-PC, the tunnel does
> come up and I receive the ping-responses
> So I did not understand which source-ipaddr got changed here?

That's only relevant for packets sent locally from the IPsec host (i.e.
from local-peergw, so it uses 192.168.1.1 if it e.g. pings Remote-PC and
not 22.214.171.124 that the default route would suggest).

> And how is the behavior or procedure different when I disable table 220

Since you have a default route that can be used to forward packets from
the local to the remote subnet (if that wasn't the case, packets would
get dropped before IPsec processing) and if you don't send packets
directly from local-peergw, you won't need any routes in table 220.