Hi, I have just masked the IP-adresses for security reasons, and nexthop just means that my gateway is using multipath routing (load balancing)
I have disabled table 220, Strongswans now puts it's routes in the main routing table and in this table is also the multipath default routes. That's why I don't understand why the traffic defaults out on the incoming IPsec interface, when this interface has a lower priority. The Linux kernel is handling the routing correct for local network devices, using the highest prioritized route, but not for IPsec clients. >----Ursprungligt meddelande---- >Från : [email protected] >Datum : 30/01/2017 - 00:26 (V) >Till : [email protected], [email protected] >Ämne : Re: [strongSwan] IPSEC remote access routing > >On 29.01.2017 22:23, Dusan Ilic wrote: >> The following is my Strongswan servers routing table (default routes). >> >> nexthop via 90.225.x.x dev vlan845 weight 1 >> nexthop via 10.248.x.x dev ppp1 weight 256 >> nexthop via 85.24.x.x dev vlan847 weight 1 >> nexthop via 46.195.x.x dev ppp0 weight 1 > >Please don't replace IPs with the useless text "nexthop". >If you replace them, replace them with values that make sense. > >> Strongswan listens on vlan847 so that's where the remote access clients are >> connecting, and also their internet traffic are going out that interface, >> despite ppp1 has the highest priority. Every LAN-client on the Strongswan >> network are primarily using ppp1, so the routing do work locally, but not >> for the VPN-clients. > >What's in table 220? The kernel handles the traffic, so it has to obey the >routing rules and -tables. Maybe disable the installation of routes in >strongSwan.conf, if there are routes in table 220 and you don't need the. >Remove parts you don't necessarily need. >You need to take a look at your iptables and routing rules, if you use policy >based routing. > > >-- > >Mit freundlichen Grüßen/Kind Regards, >Noel Kuntze > >GPG Key ID: 0x63EC6658 >Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
