I tried 220 and 0 (for the primary table). Neither overwrote or had a higher 
priority than the default route that was in the table already.
-Philip

> On Jul 6, 2015, at 6:01 PM, Zhuyj <[email protected]> wrote:
> 
> table 220 work
> 
> 
> Sent from my iPhone
> 
> On Jul 7, 2015, at 8:36, Philip L Hutson <[email protected] <mailto:[email protected]>> 
> wrote:
> 
>> I am trying to set up a VPN tunnel from an embedded Linux system (Linux 
>> system-0004338 2.6.37 #7 Mon Jun 22 14:45:53 PDT 2015 armv7l GNU/Linux) to a 
>> Cisco ASA. I have a working solution but not the preferred one. 
>> One of my first problems was when I let strongSwan add the routes it didn't 
>> overwrite the default route so no traffic would go through. I was able to 
>> solve this by using an up/down script. But I would prefer that strongSwan 
>> added/removed the routes. 
>> The routes it added looked like this
>>  ip route
>> 10.255.254.180/30 dev usb1  src 10.255.254.180 
>> 0.0.0.0/1 via 10.255.254.181 dev usb1  src 10.3.10.18 
>> 128.0.0.0/1 via 10.255.254.181 dev usb1  src 10.3.10.18 
>> default via 10.255.254.181 dev usb1 
>> 
>> where the default route at the bottom was there already.
>> The route table before was
>>  ip route
>> 10.255.254.180/30 dev usb1  src 10.255.254.180 
>> default via 10.255.254.181 dev usb1 
>> 
>> The second issue is with the system time fix plugin. After the device gets a 
>> valid time from ntp over the tunnel it invalidates the client sa. 
>> time fix config 
>> system time fix <http://pastebin.com/B5WHHbLE>
>> LOGFILE <http://pastebin.com/0yu1YFKm> showing the sa being invalidated
>> 
>> 
>> The configuration I would like is where if usb1 goes up (after having been 
>> up before) strongSwan reconnects the tunnel. Currently if usb1 goes down 
>> (for longer than DPD) and then comes up again and the DHCP client 
>> gets/assigns an address to usb1, strongSwan does not reconnect the tunnel. 
>> If I use ipsec up home it comes back up.
>> My current working ipsec.conf <http://pastebin.com/B7vPqqDd>
>> charon.conf <http://pastebin.com/zY6ZzZgC>
>> updown script <http://pastebin.com/JGksUE8p>
>> 


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
