[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    Re: [strongSwan] unable to install source route if node has two WAN
From:       "Simon Chan" <simon.chan3 () yahoo ! ca>
Date:       2011-07-30 4:17:17
Message-ID: 20B513F362A247E5B560C35F53B3D357 () dad2
[Download RAW message or body]

Hi Tobias,

Many thanks for your response. It works like a charm.

It turns out the table number is 12 so I can't test the patch. From 
rt_tables the main table is 255. Can you have table number higher than main? 
Just wondering.

Best Regards,
Simon

----- Original Message ----- 
From: "Tobias Brunner" <tobias@strongswan.org>
To: "Simon Chan" <simon.chan3@yahoo.ca>
Cc: <users@lists.strongswan.org>
Sent: Friday, July 29, 2011 3:20 AM
Subject: Re: [strongSwan] unable to install source route if node has two WAN 
ports


> Hi,
>
>>     * A minor detail: the route "default via 6.6.6.x dev eth2" appears
>>       twice, one in main table and another in a user table. I have to
>>       delete both of them.
>
> Not so minor after all :)  This route is the actual culprit causing charon 
> to choose 6.6.6.254 as gateway.  If you remove the default routes from the 
> wan1 and wan2 tables charon should use 2.2.2.1 as gateway as it has the 
> lower metric in the main table.  The reason for this behavior is that when 
> doing the lookup for the nexthop we currently don't consider the rules 
> defined with ip rule.  We just dump all the routes in all the tables and 
> try to find the best match.  Now the order in which the kernel dumps the 
> tables is somehow not determined by the priority of such a table as 
> defined with ip rule, thus, the first route returned by the kernel is the 
> default route from table wan2 with 6.6.6.254 as gateway.
>
> To fix this you can try to exclude the two routing tables from the lookup. 
> First find out the numerical ID of those tables (these should be listed in 
> /etc/iproute2/rt_tables) then add them to strongswan.conf, for example:
>
> charon {
> ignore_routing_tables=110 120
> }
>
> If the IDs are greater than 255 you need a patch I just checked in [1].
>
> Regards,
> Tobias
>
> [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2e370a30 


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic