security/strongswan start=route issue

abi abi at abinet.ru
Fri Aug 26 07:00:11 UTC 2016


Hello,

I'd like to open a PR upstream, but I want to be sure that the problem exists not only for me, as the problem looks strange.
The issue is that the tunnel behaves differently when it autostarts (auto=start) than when it starts once traffic is registered between the left and right side (auto=route).

The latter method does not work. I see the tunnel up and the route table updated, but no traffic flows.
So, the test is very easy:
1. Stop strongswan
2. Change /usr/local/etc/ipsec.conf tunnel config to auto=route
3. Start strongswan and try to ping the right side.
4. The tunnel should come up, but there is no reply to pings.

If it matters, I use a virtual IP (as it's a laptop without a left network and without an external IP).

-- 
abi <abi at abinet.ru>

