For posterity: I've opened a ticket for this issue at
https://wiki.strongswan.org/issues/2162
Is there any way around this without using updown.sh? Ticket #85 (
https://wiki.strongswan.org/issues/85#note-4) kind of hints at a solution
involving two routing tables but doesn't go into great detail.
Sure, will do. I started that process yesterday but my account is still
awaiting approval :)
Alex
On Fri, 28 Oct 2016 at 09:09 Noel Kuntze wrote:
> On 28.10.2016 03:00, Alexander Hill wrote:
> >
> > Server is running 5.3.5, I've tested 5.5.1 on the client end with and
> without the leftsubnet d
On 28.10.2016 03:00, Alexander Hill wrote:
>
> Server is running 5.3.5, I've tested 5.5.1 on the client end with and without
> the leftsubnet directive. Because this is to do with client-side routing
> updates I assume I can leave the server alone?
Yes, this should only pertain the client.
Curi
Hi Noel,
Server is running 5.3.5, I've tested 5.5.1 on the client end with and
without the leftsubnet directive. Because this is to do with client-side
routing updates I assume I can leave the server alone?
Cheers,
Alex
On Fri, 28 Oct 2016 at 02:10 Noel Kuntze wrote:
On 27.10.2016 18:29, Alexa
On 27.10.2016 18:29, Alexander Hill wrote:
> I get a route with src explicitly set to my interface's real IP, which has
> the same effect.
What version of strongSwan are you using?
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278
Hi Noel,
Thanks for the suggestion, I tried that. If I remove the leftsubnet
directive from the client config, I get a route with src explicitly set to
my interface's real IP, which has the same effect. I also tried setting it
to the virtual IP pool, and the current virtual IP under lease, to no
a
>
> 172.16.0.0/16 via 192.168.1.254 dev eth0 proto static src 172.16.0.3
>
> However if I use auto=route (or run ipsec route and then ipsec up), my table
> 220 looks like this:
>
> 172.16.0.0/16 via 192.168.1.254 dev eth0 proto static
As I wrote on IRC, that's because of this setting on the c
Hello,
I'm having what seems to be a similar problem as that described in ticket
#85 (https://wiki.strongswan.org/issues/85) except that my connections are
up, I'm just not routing correctly.
My goal is to have many roadwarrior clients getting virtual dynamic IP
addresses, which I want to remain