Hi Dusan,

> default
>         nexthop via 90.225.x.x dev vlan845 weight 1
>         nexthop via 10.248.x.x dev ppp0 weight 256
>         nexthop via 85.24.x.x dev vlan847 weight 1
>         nexthop via 46.195.x.x dev ppp1 weight 1
>
> My gateway is configured to use 10.248.0.x as "default route" (highest
> weight/priority), but when Strongswan tried to initiate the tunnel it
> seems to always default to the last route, 46.195.x.x, and this won't
> work as the remote peer is expecting 85.24.x.x.

These kinds of multipath routes (via RTA_MULTIPATH) are currently not supported by strongSwan when looking up source addresses/nexthops. The kernel-netlink plugin only sees one of these via RTA_GATEWAY and RTA_OIF.

You could try to switch to the kernel's default route lookup by setting either charon.install_routes=no (disables route installation by strongSwan altogether, only works with 5.5.2), or by setting charon.plugins.kernel-netlink.fwmark to an arbitrary number not used yet as firewall mark (this works since 5.3.3). However, I'm not sure if that will return different values in RTA_GATEWAY/RTA_OIF or if it would still be necessary to parse RTA_MULTIPATH.

How exactly do these kinds of multipath routes compare to multiple routes with different priorities/metrics? In your case you have multiple paths with the same weight, how is the actual nexthop/interface chosen by the kernel? Round-robin? Random?

Regards,
Tobias
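
The difference between a route that carries a single RTA_GATEWAY/RTA_OIF pair and one that nests its nexthops inside RTA_MULTIPATH, as an added example that is not part of the original message and is not strongSwan code. It assumes IPv4 only; the helper names, interface indexes and documentation-range addresses are constructed for illustration, with weights mirroring the quoted route.

```python
import socket
import struct
RTA_OIF, RTA_GATEWAY, RTA_MULTIPATH = 4, 5, 9  # from <linux/rtnetlink.h>

def align4(n):
    return (n + 3) & ~3

def rtattr(rta_type, payload):
    """Encode one struct rtattr (u16 len, u16 type) plus padded payload."""
    length = 4 + len(payload)
    return struct.pack("=HH", length, rta_type) + payload + b"\0" * (align4(length) - length)

def iter_rtattrs(buf):
    """Yield (type, payload) for each rtattr in buf, rejecting bad lengths."""
    off = 0
    while off + 4 <= len(buf):
        length, rta_type = struct.unpack_from("=HH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("truncated rtattr")
        yield rta_type, buf[off + 4:off + length]
        off += align4(length)

def parse_nexthops(attrs):
    """Return every nexthop of one route as (gateway, ifindex, weight)."""
    hops, gw, oif = [], None, None
    for rta_type, data in iter_rtattrs(attrs):
        if rta_type == RTA_GATEWAY:
            gw = socket.inet_ntoa(data)
        elif rta_type == RTA_OIF:
            oif = struct.unpack("=i", data)[0]
        elif rta_type == RTA_MULTIPATH:
            off = 0
            while off + 8 <= len(data):
                # struct rtnexthop: u16 rtnh_len, u8 flags, u8 hops, int ifindex
                nh_len, _, nh_hops, ifindex = struct.unpack_from("=HBBi", data, off)
                if nh_len < 8 or off + nh_len > len(data):
                    raise ValueError("truncated rtnexthop")
                via = dict(iter_rtattrs(data[off + 8:off + nh_len])).get(RTA_GATEWAY)
                # iproute2 prints "weight" as rtnh_hops + 1
                hops.append((socket.inet_ntoa(via) if via else None, ifindex, nh_hops + 1))
                off += align4(nh_len)
    return hops or ([(gw, oif, 1)] if gw or oif is not None else [])

def nexthop(gateway, ifindex, weight):
    """Encode one struct rtnexthop with a nested RTA_GATEWAY (test helper)."""
    body = rtattr(RTA_GATEWAY, socket.inet_aton(gateway))
    return struct.pack("=HBBi", 8 + len(body), 0, weight - 1, ifindex) + body

# Constructed sample: four nexthops with the weights from the quoted route.
HOPS = [("192.0.2.1", 5, 1), ("198.51.100.1", 6, 256), ("203.0.113.1", 7, 1), ("203.0.113.129", 8, 1)]
SAMPLE = rtattr(RTA_MULTIPATH, b"".join(nexthop(*h) for h in HOPS))
```

A consumer that reads only the top-level RTA_GATEWAY and RTA_OIF attributes never sees the per-nexthop gateways and weights that `parse_nexthops(SAMPLE)` returns.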
