I think I solved the problem. It was really a problem in the routing table.
When I add a rule like this: sudo ip route add 10.1.13.0/24 proto static dev p5p1 src 10.1.13.1 table 220 It’s working like a charm. Because this is also the route strong swan wants to add and is failing (according to the log, this might be a bug?!). So should I fill a bug report? Kind regards Christian > On 04 Sep 2015, at 20:01, Christian Hanster <[email protected]> wrote: > > So the routing tables look like this: > > sudo ip rule list > 0: from all lookup local > 220: from all lookup 220 > 32766: from all lookup main > 32767: from all lookup default > > sudo ip route list table 220 > 10.1.0.0/16 via 192.168.1.1 dev p4p1 proto static src 10.1.13.1 > > ip route //that is the same as "ip route list table main” So this won’t be > consulted when 10.1.13.0/24 packets are managed > default via 192.168.1.1 dev p4p1 > 10.1.13.0/24 dev p5p1 proto kernel scope link src 10.1.13.1 > 192.168.1.0/24 dev p4p1 proto kernel scope link src 192.168.1.162 > > So why shouldn’t I use policy based routing? I did not change anything like > this… > > Kind regards > Christian Hanster >> On 04 Sep 2015, at 19:53, Noel Kuntze <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Hello Christian, >> >> What does your main routing table look like? Do you use policy based routing? >> $ ip route >> AFAIK strongSwan parses the main table and maintains >> its own table 220 to install rules and handle routing to remote subnets. >> >> >> - -- >> >> Mit freundlichen Grüßen/Kind Regards, >> Noel Kuntze >> >> GPG Key ID: 0x63EC6658 >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2 >> >> iQIcBAEBCAAGBQJV6dqZAAoJEDg5KY9j7GZYPlQP/2lVUv1dGheOgPFk4IX6OCBg >> U1eNYiBdZSBBBJyQ6/xNnSbkODeXRKOm6FzhXpv4EjuIJyWwM4PCAiIhdxTdYxZp >> 7lzksraJI5OfF7kJbVMsdN7ESmnk3SN25DJCh/OZNy28XL9YR0ckFyAyVL5X+sNJ >> wKAep4XAYkKsvZTsqwm+XvWmkTTLuUwufKKY6PLcqhS8Burt3WoiEkUYluz5b/is >> 96G58Gpd7H2MbALyg5gpKKRC3fgTF7dlOL49Ozlm5p59wXQcTl0CaXAfz4axnLHt >> Ezo/1pzhEVbyOzBZpsVfcwR1Iki3jW1Tl7miVoKeTfr6XGfUvS2s81xQ9JdRfK1z >> AVcb+y0CG304BI+/WlV2gJJKqp0QrKMtboHGQXaHc5wtXqiQB+9uwOQIath9939i >> zQmnlysYAaveLOFI6/LohijCsE3lOcqWcWQ5KXaMk3nbGIiqg88Gl3uri90beQgW >> RDx6Tepnir1GkMlK703GWG9N8DIzp92sUJjU9p9e0Ud0jL9LzNCNU8rfWIYkiDH4 >> hhi8WSkHD5vN9XF3B3e0koH+c5ola64oWMQaVQD2V0fCTGS3ZNRKaZ0NF4d4kQzE >> ESvgKr8Dj/5HWmuHb8ULpxkMlReqcj+GhsxX7/5CBTUl2HgJsglLJPtPtqzjh2Ob >> oN6W/r5gHMU0UUDpFHhY >> =QNVc >> -----END PGP SIGNATURE----- >> > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
