Hi List,

When an IPsec tunnel is established, a route is added in table 220. It looks like this:

    10.10.10.0/24 via 1.1.1.1 dev eth0

The xfrm policy has this:

    src 0.0.0.0 dst 10.10.10.0/24 dir out priority 2000 tmpl src 2.2.2.2 dst 1.1.1.1 proto esp reqid ...

I noticed that some of my route entries have the wrong peer addresses, probably because peers re-incarnate with different IP addresses before the local end's DPD cleans up the routes. I ran a traffic test and the tunnels still pass traffic. It seems the route entries are not used?! I think they are actually misleading, because we want packets fitting the descriptors transformed, not just routed.

I am wondering:

1. Do the route entries serve any purpose at all?
2. Would the rtnetlink flag NLM_F_REPLACE (vs NLM_F_EXCL) fix the dangling route issue?

Thanks for help.

Sial
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
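A way to spot the dangling routes the post describes before a traffic test does: cross-check the gateway of every route in table 220 against the tunnel peer (the `tmpl ... dst` address) of the outbound xfrm policy covering the same prefix. The script below is an added example, not code from the original post or from strongSwan. It assumes strongSwan's default routing table 220 and the usual text formats of `ip route show table 220` and `ip xfrm policy`; the two sample outputs embedded in it are constructed, with the 10.20.20.0/24 route deliberately pointing at a peer that has since moved to 3.3.3.3 and the 10.30.30.0/24 route left behind with no policy at all.

```python
"""Flag routes in table 220 whose gateway no longer matches an outbound xfrm policy.

Added example (not strongSwan code). Parses the text output of
`ip route show table 220` and `ip xfrm policy`; sample output below is constructed.
"""
import ipaddress
import re

# Constructed sample output of `ip route show table 220` (not from a real host).
SAMPLE_ROUTES = """\
10.10.10.0/24 via 1.1.1.1 dev eth0 proto static src 2.2.2.2
10.20.20.0/24 via 1.1.1.1 dev eth0 proto static src 2.2.2.2
10.30.30.0/24 via 4.4.4.4 dev eth0 proto static src 2.2.2.2
"""

# Constructed sample output of `ip xfrm policy` (not from a real host).
SAMPLE_POLICIES = """\
src 0.0.0.0/0 dst 10.10.10.0/24
	dir out priority 2000 ptype main
	tmpl src 2.2.2.2 dst 1.1.1.1
		proto esp reqid 1 mode tunnel
src 10.10.10.0/24 dst 0.0.0.0/0
	dir in priority 2000 ptype main
	tmpl src 1.1.1.1 dst 2.2.2.2
		proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.20.20.0/24
	dir out priority 2000 ptype main
	tmpl src 2.2.2.2 dst 3.3.3.3
		proto esp reqid 2 mode tunnel
"""

ROUTE_RE = re.compile(r"^(?P<dst>\S+)\s+via\s+(?P<gw>\S+)\s+dev\s+(?P<dev>\S+)")


def parse_routes(text):
    """Return [(destination network, gateway, device)] for every 'via' route."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m["dst"] == "default" else m["dst"]
        routes.append((ipaddress.ip_network(dst, strict=False), m["gw"], m["dev"]))
    return routes


def parse_out_policies(text):
    """Return {destination network: {tunnel peer addresses}} for 'dir out' policies."""
    peers = {}
    dst = direction = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("src "):              # header line starts a new policy
            fields = line.split()
            dst = ipaddress.ip_network(fields[3], strict=False)
            direction = None
        elif line.startswith("dir "):
            direction = line.split()[1]
        elif line.startswith("tmpl ") and direction == "out" and dst is not None:
            fields = line.split()
            peer = fields[fields.index("dst") + 1]  # outer (tunnel) destination
            peers.setdefault(dst, set()).add(peer)
    return peers


def find_stale_routes(route_text, policy_text):
    """Return [(prefix, gateway, reason)] for routes that disagree with xfrm policy."""
    problems = []
    peers = parse_out_policies(policy_text)
    for dst, gw, _dev in parse_routes(route_text):
        covering = [n for n in peers if n.version == dst.version and dst.subnet_of(n)]
        if not covering:
            problems.append((str(dst), gw, "no outbound xfrm policy covers this prefix"))
        elif not any(gw in peers[n] for n in covering):
            expected = sorted({p for n in covering for p in peers[n]})
            problems.append((str(dst), gw, "gateway is not the tunnel peer " + ", ".join(expected)))
    return problems


if __name__ == "__main__":
    for prefix, gw, reason in find_stale_routes(SAMPLE_ROUTES, SAMPLE_POLICIES):
        print(f"{prefix} via {gw}: {reason}")
```

On a live host, feed the script the real command output instead of the constructed samples; a route that shows up here is exactly the kind of entry the post calls misleading, since the xfrm policy (not the route) decides whether a packet gets transformed, so such a route can linger without breaking traffic.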
