Hi Tobias,

Many thanks for your response. It works like a charm.

It turns out the table number is 12 so I can't test the patch. From rt_tables the main table is 255. Can you have table number higher than main? Just wondering.

Best Regards,
Simon

----- Original Message -----
From: "Tobias Brunner" <tob...@strongswan.org>
To: "Simon Chan" <simon.ch...@yahoo.ca>
Cc: <users@lists.strongswan.org>
Sent: Friday, July 29, 2011 3:20 AM
Subject: Re: [strongSwan] unable to install source route if node has two WAN ports

> Hi,
>
>> * A minor detail: the route "default via 6.6.6.x dev eth2" appears
>> twice, one in main table and another in a user table. I have to
>> delete both of them.
>
> Not so minor after all :) This route is the actual culprit causing charon
> to choose 6.6.6.254 as gateway. If you remove the default routes from the
> wan1 and wan2 tables charon should use 2.2.2.1 as gateway as it has the
> lower metric in the main table. The reason for this behavior is that when
> doing the lookup for the nexthop we currently don't consider the rules
> defined with ip rule. We just dump all the routes in all the tables and
> try to find the best match. Now the order in which the kernel dumps the
> tables is somehow not determined by the priority of such a table as
> defined with ip rule, thus, the first route returned by the kernel is the
> default route from table wan2 with 6.6.6.254 as gateway.
>
> To fix this you can try to exclude the two routing tables from the lookup.
> First find out the numerical ID of those tables (these should be listed in
> /etc/iproute2/rt_tables) then add them to strongswan.conf, for example:
>
> charon {
>   ignore_routing_tables=110 120
> }
>
> If the IDs are greater than 255 you need a patch I just checked in [1].
>
> Regards,
> Tobias
>
> [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2e370a30
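
The procedure described in the quoted reply (look up the numeric table IDs in an rt_tables file, then list them under `ignore_routing_tables`), as an added example that is not part of the original thread and not strongSwan code. The function names are hypothetical, and the sample file with its name-to-ID mapping is constructed; point the function at `/etc/iproute2/rt_tables` on a real host.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not strongSwan tooling.

# lookup_table_id FILE NAME: print the numeric ID that FILE (rt_tables
# format: "<id> <name>") assigns to NAME; return 1 if NAME is not listed.
lookup_table_id() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }   # skip comment lines
        $1 ~ /^[0-9]+$/ && $2 == name { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# charon_ignore_tables FILE TABLE...: print a strongswan.conf snippet that
# excludes the given tables (names or numeric IDs) from the nexthop lookup.
charon_ignore_tables() {
    file=$1; shift
    ids=""
    for t in "$@"; do
        case $t in
            ''|*[!0-9]*)
                id=$(lookup_table_id "$file" "$t") || {
                    echo "table '$t' not found in $file" >&2
                    return 1
                } ;;
            *)  id=$t ;;
        esac
        # Per the thread, IDs above 255 need the patch referenced as [1].
        if [ "$id" -gt 255 ]; then
            echo "note: table $id is > 255, patch [1] required" >&2
        fi
        ids="${ids:+$ids }$id"
    done
    printf 'charon {\n    ignore_routing_tables=%s\n}\n' "$ids"
}

# Constructed sample in /etc/iproute2/rt_tables format (IDs are made up).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# reserved values
255 local
254 main
110 wan1
120 wan2
EOF

charon_ignore_tables "$sample" wan1 wan2
```
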