Andreas,

Thanks for the reply. I'm afraid I'm not an expert on xfrm policies. Could you please give an example of the add command you had in mind?

However, as Daniel states, your diagnosis does not sound quite right to me. Just going via the ip routing tables (and ignoring xfrm), it seems that specific routes take precedence over default routes and strongswan uses a separate table (220) because any default route added there takes precedence over a default route in the default table. However, an unintended consequence is that a default route in table 220 takes precedence over a specific route in the default table.

So, as my original posting showed, either we need to:

- get strongswan to add an equivalent specific route to table 220 as already present in the default table, or
- get strongswan to NOT use table 220 but to manage the routes in the default table, or
- get strongswan to NOT manage routes at all (via the charon.install_routes option in strongswan.conf) and manage the routes ourselves, based on events from charon

Or, is there a fourth option?

Daniel,

Thanks for chipping in!

2009/11/13 Daniel Mentz <danielml+mailinglists.strongs...@sent.com>

> could you please post the output of
>
> ip xfrm policy

Here you go ...

Regards,
Graham.

# ip xfrm policy
src 0.0.0.0/0 dst 1.1.35.49/32
    dir fwd priority 2000
    tmpl src segw.somewhere.com dst 192.168.50.154
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 1.1.35.49/32
    dir in priority 2000
    tmpl src segw.somewhere.com dst 192.168.50.154
        proto esp reqid 1 mode tunnel
src 1.1.35.49/32 dst 0.0.0.0/0
    dir out priority 1680
    tmpl src 192.168.50.154 dst segw.somewhere.com
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 4 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 4 priority 0
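
Added example, not part of the original message or of strongSwan: a small Python model of Linux policy-routing lookup that shows the table 220 precedence effect described in the message and two of the listed workarounds. The route prefixes, next hops and rule priorities are constructed sample values, and `lookup` and `scenario` are hypothetical helper names.

```python
import ipaddress

def lookup(dst, rules, tables):
    """Return (table, prefix, nexthop) for dst, modelling policy routing.

    Rules are tried in ascending priority. Inside one table the longest
    matching prefix wins. The first table with any match ends the search,
    so later tables are never consulted.
    """
    addr = ipaddress.ip_address(dst)
    for _prio, table in sorted(rules):
        matches = [(ipaddress.ip_network(p), hop)
                   for p, hop in tables.get(table, [])
                   if addr in ipaddress.ip_network(p)]
        if matches:
            net, hop = max(matches, key=lambda m: m[0].prefixlen)
            return table, str(net), hop
    return None

# Constructed sample data (assumptions, not taken from the thread).
RULES = [(220, "220"), (32766, "main")]      # table 220 is consulted first
MAIN = [("0.0.0.0/0", "via 192.168.50.1"),   # ordinary default route
        ("10.20.0.0/16", "via 192.168.50.2")]  # specific route in main
T220 = [("0.0.0.0/0", "ipsec tunnel")]       # default route for the tunnel

def scenario(name):
    """Return (rules, tables) for one of the situations in the message."""
    if name == "as_reported":          # default in 220 hides main entirely
        return RULES, {"main": MAIN, "220": T220}
    if name == "copy_specific_route":  # first listed option
        return RULES, {"main": MAIN, "220": T220 + [MAIN[1]]}
    if name == "no_table_220":         # second option: all routes in main
        return [(32766, "main")], {"main": [T220[0], MAIN[1]]}
    raise ValueError(name)

if __name__ == "__main__":
    for name in ("as_reported", "copy_specific_route", "no_table_220"):
        print(name, lookup("10.20.1.5", *scenario(name)))
```
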