[strongSwan] Route-Based Site-to-site VPN

Ed Hunter edhunterr at outlook.com
Thu Mar 24 13:34:44 CET 2022


Hi,

I have a question regarding site-to-site VPNs with vti interfaces.

On my Debian Backports box I have several site-to-site VPNs, some of them route-based with GRE encapsulation using already configured tunnel interfaces. I have Quagga running for OSPF and routing, and Shorewall for iptables configuration.

I want to create a new site-to-site VPN, but this time instead of using GRE I want to route traffic using vti interfaces (I'm on kernel 3.16).

I went through the route-based VPN documentation here https://docs.strongswan.org/strongswan-docs/5.9/features/routeBasedVpn.html#_gre and it mentions that I have to configure charon.install_routes = 0 to disable route installation by the IKE daemon.

Would that have any effect on the rest of my tunnels? What does disabling route installation by the IKE daemon mean exactly in this case, and why is it needed?

Thanks.
