Hi, > I've compiled strongswan with user vpn and group vpn.
If you use non-root users, you'll need support for capability handling too. Add --with-capabilities=libcap to ./configure. > route-client output: Not sufficient rights to flush It is not possible to propagate the capabilities to the updown script. Pluto uses the updown script not only for firewalling, but also for route installation. You'll have to run the updown script with root privileges. Never tried it, but file system based capability settings might work. Another alternative is to define leftupdown="sudo ipsec _updown" and configure sudo accordingly. Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users