Do you remove this default route and add several specific routes? 发自我的 iPhone
> 在 2015年7月7日,9:17,Philip L Hutson <[email protected]> 写道: > > I tried 220 and 0 (for the primary table). Neither overwrote of had a higher > priority than the default route that was in the table already. > -Philip > >> On Jul 6, 2015, at 6:01 PM, Zhuyj <[email protected]> wrote: >> >> table 220 work >> >> >> 发自我的 iPhone >> >>> 在 2015年7月7日,8:36,Philip L Hutson <[email protected]> 写道: >>> >>> I am trying to setup a vpn tunnel from an embedded linux system (Linux >>> system-0004338 2.6.37 #7 Mon Jun 22 14:45:53 PDT 2015 armv7l GNU/Linux) to >>> a cisco asa. I have a working solution but not the preferred one. >>> One of my first problems was when I let strong swan add the routes it >>> didn’t over write the default route so no traffic would go through. I was >>> able to solve this by using the an up/down script. But I would prefer that >>> strong swan added/removed the routes. >>> The routes it added looked like this >>> ip route >>> 10.255.254.180/30 dev usb1 src 10.255.254.180 >>> 0.0.0.0/1 via 10.255.254.181 dev usb1 src 10.3.10.18 >>> 128.0.0.0/1 via 10.255.254.181 dev usb1 src 10.3.10.18 >>> default via 10.255.254.181 dev usb1 >>> >>> where the default route at the bottom was there already. >>> The route table before was >>> ip route >>> 10.255.254.180/30 dev usb1 src 10.255.254.180 >>> default via 10.255.254.181 dev usb1 >>> >>> The second issue is with the system time fix plugin. After the device gets >>> a valid time from ntp over the tunnel it invalidates the client sa. >>> time fix config >>> system time fix >>> LOGFILE showing the sa being invalidated >>> >>> >>> The configuration I would like is where if usb1 goes up (after having been >>> up before) strong swan reconnects the tunnel. Currently if usb1 goes down >>> (for longer than dpd) and then comes up again and the dhcp client >>> gets/assigns an address to usb1 strong swan does not reconnect the tunnel. >>> If I use ipsec up home it comes back up. >>> My current working ipsec.conf >>> charon.conf >>> updown script >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> https://lists.strongswan.org/mailman/listinfo/users > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
