[strongSwan] Outgoing site-to-site packets not sent through tunnel

2017-12-05 Thread Isaac Sutherland
I'm setting up a route-based strongswan site-to-site VTI tunnel between an Ubuntu 16.04 host and a Cisco VPN. I'm trying to start very simple - just get a vti ikev1 aes-256/sha1 tunnel up and ping the private IP of the remote end. It smells like it's almost working (I'm getting ESP packets from the

Re: [strongSwan] Outgoing site-to-site packets not sent through tunnel

2017-12-05 Thread Noel Kuntze
Hi, You surely did not disable the installation of the routing. It needs to be disabled for VTIs to work. Kind regards Noel On 05.12.2017 19:08, Isaac Sutherland wrote: > I'm setting up a route-based strongswan site-to-site VTI tunnel between an > Ubuntu 16.04 host and a Cisco VPN. I'm trying

Re: [strongSwan] Outgoing site-to-site packets not sent through tunnel

2017-12-05 Thread Isaac Sutherland
Thanks Noel, that was what I needed. Packets started making it through the tunnel after I added "install_routes = no" to the default /etc/strongswan.conf file: # strongswan.conf - strongSwan configuration file # # Refer to the strongswan.conf(5) manpage for details # # Configuration changes should

Re: [strongSwan] Outgoing site-to-site packets not sent through tunnel

2017-12-06 Thread Isaac Sutherland
For the record, putting the changes in /etc/strongswan.conf works fine, but on an Ubuntu 16.04 system the recommended location is /etc/strongswan.d/charon.conf, where the install_routes directive is already populated but commented out. Further, for the kind of setup I'm doing, the strongswan RouteB