Hi Ed,

> How would I go about installing routes in a higher priority table for the new site-to-site I want to configure?

strongSwan installs routes in table 220 (see `ip route list table 220`), which has priority 220 (see `ip rule` if the daemon is running). So you have to install your routes in a table that has higher priority (lower numeric value) than that. See the man pages for `ip rule` and `ip route` for details.

> How can I see charon installed routes? Are these the ones I see with ip xfrm policy?

No, those are the IPsec policies. They are independent of the routing decision (which happens before checking for matching policies).

> So, if I do
>
>     ip tunnel add vti100 local X.X.X.X remote Y.Y.Y.Y mode vti key 111
>     ip link set vti100 up
>     ip route add 10.0.10.0/24 dev vti100
>
> Would that be sufficient at least for this /24?

You probably want to add `src 192.168.132.20` to your `ip route add` command so that address is used as source and not e.g. X.X.X.X. And if automatic routes are installed for other connections, installing in the main routing table might not work if there are any conflicts (if so, install the route in a higher-priority table).

Regards,
Tobias
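
One way to apply the advice in this reply, as an added example that is not part of the original message: the script prints the commands that place the VTI route in a dedicated table and checks, from `ip rule` output, that this table is consulted before strongSwan's table 220. Table number and priority 100, the function names and the sample `ip rule` output are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Table 100 / priority 100 and the function names are assumptions.
STRONGSWAN_PRIO=220   # strongSwan's rule priority, as stated in the reply

# Print the priority of the rule that selects table $1 (`ip rule` output on stdin).
rule_prio() {
    awk -v t="$1" '{
        for (i = 1; i < NF; i++)
            if ($i == "lookup" && $(i + 1) == t) { sub(":", "", $1); print $1; exit }
    }'
}

# Succeed if table $1 is consulted before table 220 in the rules on stdin.
# Without a rule for 220 (daemon not running), compare against 220 directly.
precedes_strongswan() {
    rules=$(cat)
    mine=$(printf '%s\n' "$rules" | rule_prio "$1")
    [ -n "$mine" ] || return 1
    theirs=$(printf '%s\n' "$rules" | rule_prio 220)
    [ "$mine" -lt "${theirs:-$STRONGSWAN_PRIO}" ]
}

# Print (not run) the commands: prefix $1, device $2, source $3, table $4, priority $5.
vti_route_cmds() {
    if [ "$5" -ge "$STRONGSWAN_PRIO" ]; then
        echo "priority $5 is not ahead of $STRONGSWAN_PRIO" >&2
        return 1
    fi
    echo "ip rule add from all lookup $4 priority $5"
    echo "ip route add $1 dev $2 src $3 table $4"
}

# Constructed sample of `ip rule` output once the rule exists (not from a real host).
SAMPLE_RULES='0: from all lookup local
100: from all lookup 100
220: from all lookup 220
32766: from all lookup main
32767: from all lookup default'

vti_route_cmds 10.0.10.0/24 vti100 192.168.132.20 100 100
printf '%s\n' "$SAMPLE_RULES" | precedes_strongswan 100 &&
    echo "table 100 is consulted before table 220"
```

On a live host, pipe the real `ip rule` output into `precedes_strongswan` after running the printed commands as root.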
