Hi every1,
maybe first a bit the setup. I've a gif tunnel running which is created like:
Code:
inet 10.0.1.1 172.16.0.6 netmask 255.255.255.255 inet6 tunnel 2a01:: 2a02::
And running Strongswan with multiple phase 2 connections over this. All phase 2 entries are established successfully for additional subnets, like in 172.16.1.0/24, 172.16.2.0/28 and so on.
To finally reach something in the additional subnets, a manual route has been set like:
Code:
route add -net 172.16.1.0/24 10.0.1.1 -ifp gif0
And going on. This worked fine under 12.2-RELEASE and older, after upgrading to 13.0-RELEASE it doesn't anymore.
Before the routing table looked like:
Code:
172.16.1.0/24 10.0.1.1 UGS gif0
After upgrading to 13.0, the "ifp" parameter seems to be ignored and a route is created like:
Code:
172.16.1.0/24 10.0.1.1 UGS lo0
Doing a ping with the -S option to manually set the source to 10.0.1.1 works fine, and pinging from machines in 172.16.1.0/24 to 10.0.1.1 also works.
So how can this be solved?
Please note I've no control over the remote site, so changing phase 2 entries to, e.g., 172.16.0.0/16 isn't possible; this would also conflict with other VPNs, which have the same problem setting routes: gif is chosen as the interface, though the routes still get created on lo0.
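As an added example (not part of the original post, and not a fix for the 13.0 behaviour described above), the following POSIX sh script shows the check a practitioner would run after `route add -net ... -ifp gif0`: read the route's interface column back from `netstat -rn` and fail loudly if the kernel bound the route to lo0 instead of gif0. The prefix, gateway and interface names are taken from the post; the two sample `netstat -rn` lines are constructed from the outputs shown in the post, and the assumption that the interface is the last whitespace-separated column (Netif, with no Expire value) is mine. The live query only runs when `REAL=1` is set, so the script runs offline by default.

```shell
#!/bin/sh
# Added example (not from the original post): after adding the static route
# for a phase 2 subnet, confirm which interface the kernel actually bound it to.
# The live netstat query runs only when REAL=1 is set; otherwise the check
# functions operate on constructed sample output so the script runs offline.

PREFIX="172.16.1.0/24"   # phase 2 subnet from the post
GW="10.0.1.1"            # local gif0 address from the post
WANT_IF="gif0"           # interface the route should be bound to

# Constructed samples of `netstat -rn` route lines, modelled on the post's
# 12.2 (gif0) and 13.0 (lo0) outputs. Assumption: interface is the last column.
SAMPLE_OK="172.16.1.0/24      10.0.1.1           UGS         gif0"
SAMPLE_BAD="172.16.1.0/24      10.0.1.1           UGS         lo0"

# route_iface LINE: print the interface column (last field) of a route line.
route_iface() {
    printf '%s\n' "$1" | awk '{ print $NF }'
}

# check_route LINE WANT: return 0 if the route line is bound to WANT, else 1.
check_route() {
    _if=$(route_iface "$1")
    if [ "$_if" = "$2" ]; then
        echo "route $PREFIX via $GW bound to $_if as expected"
        return 0
    fi
    echo "route $PREFIX via $GW bound to $_if, expected $2" \
         "(traffic for $PREFIX will not enter the tunnel)" >&2
    return 1
}

# live_check: query the running system (FreeBSD netstat; not run by default).
live_check() {
    # Select the routing-table line whose destination column equals PREFIX.
    _line=$(netstat -rn | awk -v p="$PREFIX" '$1 == p')
    if [ -z "$_line" ]; then
        echo "no route for $PREFIX in the routing table" >&2
        return 1
    fi
    check_route "$_line" "$WANT_IF"
}

if [ "${REAL:-0}" = "1" ]; then
    live_check
else
    check_route "$SAMPLE_OK" "$WANT_IF"
    check_route "$SAMPLE_BAD" "$WANT_IF" || true
fi
```

Run it with `REAL=1` on the FreeBSD box right after the `route add` to see which interface the new route actually landed on; a non-zero exit from `check_route` is the condition described in the post, where the route shows `lo0` rather than `gif0`.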