[strongSwan] kernel traps with auto=route, and "install_routes=no" - how to view traps installed and the routes if any installed by Strongswan-Charon

Tobias Brunner tobias at strongswan.org
Mon Oct 26 14:34:15 CET 2020


Hi Rajiv,

> root# ip route show table 220
> 192.168.6.0/24 via 44.44.44.1 dev eth0 proto static src 192.168.1.1
> 
> - So when I send a ping from the Local-PC to Remote-PC, the tunnel does
> come up and I receive the ping-responses
> 
> So I did not understand which source-ipaddr got changed here?

That's only relevant for packets sent locally from the IPsec host (i.e.
from local-peergw, so it uses 192.168.1.1 if it e.g. pings Remote-PC and
not 44.44.44.20 that the default route would suggest).

> And how is the behavior or procedure different when I disable table 220
> (install_routes=no)?

Since you have a default route that can be used to forward packets from
the local to the remote subnet (if that wasn't the case, packets would
get dropped before IPsec processing) and if you don't send packets
directly from local-peergw, you won't need any routes in table 220.

Regards,
Tobias
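
An added illustration of the reply above (not part of the original message and not strongSwan code): a small Python model of why the `src` hint in table 220 only matters for packets originated on the gateway itself. The local traffic selector 192.168.1.0/24, the default-route line and the hosts 192.168.1.10 and 192.168.6.10 are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the table 220 route from the post plus an assumed default route.
TABLE_220 = "192.168.6.0/24 via 44.44.44.1 dev eth0 proto static src 192.168.1.1"
MAIN = "default via 44.44.44.1 dev eth0"
IFACE_ADDR = {"eth0": "44.44.44.20"}                 # address the default route would suggest
LOCAL_TS = ipaddress.ip_network("192.168.1.0/24")    # assumed local traffic selector
REMOTE_TS = ipaddress.ip_network("192.168.6.0/24")   # remote subnet from the post


def parse_routes(text):
    """Parse `ip route show` lines into (network, dev, src-or-None) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        opts = dict(zip(tok[1::2], tok[2::2]))       # "via X dev Y src Z" -> key/value pairs
        routes.append((net, opts.get("dev"), opts.get("src")))
    return routes


def local_source(dst, tables):
    """Source address chosen for a packet originated on the gateway itself.

    Tables are consulted in order; table 220 is looked up before main.
    """
    dst = ipaddress.ip_address(dst)
    for table in tables:
        hits = [r for r in parse_routes(table) if dst in r[0]]
        if hits:
            net, dev, src = max(hits, key=lambda r: r[0].prefixlen)  # longest prefix wins
            return ipaddress.ip_address(src or IFACE_ADDR[dev])
    return None


def matches_policy(src, dst):
    """True if the packet matches the tunnel's traffic selectors (trap or SA policy)."""
    return ipaddress.ip_address(src) in LOCAL_TS and ipaddress.ip_address(dst) in REMOTE_TS


if __name__ == "__main__":
    for label, tables in (("with table 220", [TABLE_220, MAIN]),
                          ("install_routes=no", ["", MAIN])):
        src = local_source("192.168.6.10", tables)
        print(f"{label}: gateway ping uses src {src}, matches policy: "
              f"{matches_policy(src, '192.168.6.10')}")
    # Forwarded traffic keeps the sender's own address, so table 220 is irrelevant for it.
    print("forwarded from Local-PC:", matches_policy("192.168.1.10", "192.168.6.10"))
```
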

