Hi Diego, >>> >>> >>> >>> >> >> >> > I forgot to clarify that route is inserted if compress=no. In > kernel_netlink_ipsec.c add_policy methed, the code checks if mode != > MODE_TRANSPORT to insert to route.
Yes, if IPComp is enabled the actual IPsec SA uses transport mode in the kernel as the inner IPComp SA does the tunneling. Up to 4.4.1 charon did this slightly wrong because the mode is changed while installing the policy and later when installing the route and checking the mode it's not the original mode that is compared. Please update to at least 4.5.0 to fix this. Regards, Tobias _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
