Hi Elmar, > I thought, this happens in the _updown-Script
It did but this is now done by the kernel-netlink plugin (see [1]). Pluto still installs the source routes with the _updown script, though. Now, the kernel-netlink plugin doesn't check if the rule already exists and just installs it anyway. In 4.6.0 it actually gets installed up to three times since the kernel-netlink plugin is now loaded by starter, pluto and charon. If none of these crashes they also get removed afterwards. I'm not sure if that's a problem, the kernel at least does not seem to care about the duplicate rules. > Strongswan was compiled with “--with-routing-table=254 > --with-routing-table-prio=100" (254 is “main”). Actually, you should set --with-routing-table=0 to install routes into the main routing table. This way no rule is installed at all and the source route is simply added to the main table. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c;hb=HEAD#l1411 _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users