Hi Masakazu, > According to the following document, it is noted that in the case of Route- > based VPN, set "charon.install_routes = 0". > > https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN > >> First, the route installation by the IKE daemon must be disabled. To do >> this, set charon.install_routes=0 in strongswan.conf.
That's not required for all route-based solutions. > What if I want to mix Route-based VPN and Policy-based VPN? You don't necessarily need the daemon to install the routes. They might not even be necessary (depends on the routing configuration and the policies), or can easily be installed manually (or via script). Also, with XFRM interfaces, the global install_routes option does not have to be disabled. > It is useful to be able to do the same setting as install_routes for each > connection setting. Like below. > > https://github.com/m-asama/strongswan/commit/d22c5f2f33659fb07b78dc297468e4e83a0b1f7d > > Is it possible to have these options added? I'm currently not in favor of this because routes are handled/shared kinda strangely, so side-effects are possible. Plus there are some other features that depend on the global option being disabled (e.g. the fast route lookup). Regards, Tobias
