table 220 work
Sent from my iPhone

On July 7, 2015, at 8:36, Philip L Hutson <[email protected]> wrote:
>
> I am trying to set up a VPN tunnel from an embedded Linux system (Linux
> system-0004338 2.6.37 #7 Mon Jun 22 14:45:53 PDT 2015 armv7l GNU/Linux) to a
> Cisco ASA. I have a working solution but not the preferred one.
>
> One of my first problems was when I let strongSwan add the routes it didn't
> overwrite the default route so no traffic would go through. I was able to
> solve this by using an up/down script. But I would prefer that
> strongSwan added/removed the routes.
>
> The routes it added looked like this
>
> ip route
> 10.255.254.180/30 dev usb1 src 10.255.254.180
> 0.0.0.0/1 via 10.255.254.181 dev usb1 src 10.3.10.18
> 128.0.0.0/1 via 10.255.254.181 dev usb1 src 10.3.10.18
> default via 10.255.254.181 dev usb1
>
> where the default route at the bottom was there already.
>
> The route table before was
>
> ip route
> 10.255.254.180/30 dev usb1 src 10.255.254.180
> default via 10.255.254.181 dev usb1
>
> The second issue is with the system time fix plugin. After the device gets a
> valid time from NTP over the tunnel it invalidates the client SA.
>
> time fix config
> system time fix
> LOGFILE showing the SA being invalidated
>
> The configuration I would like is where if usb1 goes up (after having been up
> before) strongSwan reconnects the tunnel. Currently if usb1 goes down (for
> longer than DPD) and then comes up again and the DHCP client gets/assigns an
> address to usb1, strongSwan does not reconnect the tunnel. If I use ipsec up
> home it comes back up.
>
> My current working ipsec.conf
> charon.conf
> updown script
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
