From owner-freebsd-ports@freebsd.org  Fri Aug 26 07:00:11 2016
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A830BC6D6D
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Fri, 26 Aug 2016 07:00:11 +0000 (UTC) (envelope-from abi@abinet.ru)
Received: from mail.abinet.ru (mail.abinet.ru [136.243.72.227])
 by mx1.freebsd.org (Postfix) with ESMTP id 1062515E5
 for <freebsd-ports@freebsd.org>; Fri, 26 Aug 2016 07:00:10 +0000 (UTC)
 (envelope-from abi@abinet.ru)
Received: from sphinx.abinet.ru (unknown [192.168.2.2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.abinet.ru (Postfix) with ESMTPSA id 9A051415
 for <freebsd-ports@freebsd.org>; Fri, 26 Aug 2016 07:00:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=abinet.ru; s=dkim;
 t=1472194808; bh=P6v9y8teuugpNdFyhi9dtxj2UNdSPm/12RSmjZNNPNA=;
 h=Date:From:To:Subject;
 b=GLLap5aczVzwN5rBXTFcPH2VV57e/YO4ENx+axCFPrXlWxgD9Ly/2LRCCHsNLvrxl
 qOouJig54efbY8SKkq7R2RnoWQQ9cY6PiQAugIG0E85LDc780ZdI59Zj1R3GCEIk/Y
 S9HQuEtVP5C8eNwuHRA6pSSGzZ0ZtKj9KHShUHr4=
Date: Fri, 26 Aug 2016 10:00:00 +0300
From: abi <abi@abinet.ru>
To: freebsd-ports@freebsd.org
Subject: security/strongswan start=route issue
Message-Id: <20160826100000.1126b42d107c93d648a8957a@abinet.ru>
X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.29; amd64-portbld-freebsd11.0)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,T_DKIM_INVALID,
 UNPARSEABLE_RELAY autolearn=disabled version=3.4.1
X-Spam-Report: * -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
 *      [score: 0.1229]
 *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
 *  0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on postfix.abinet.ru
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Aug 2016 07:00:11 -0000

Hello,

I'd like to open PR on upstream, but I want be sure that the problem exists not only for me, as the problem looks strange.
The issue is that tunnel behaves different if it autostarts (auto=start) and when it starts when traffic registered between left and right side. (auto=route).

The latter method not works. I see tunnel up, route table updated, but no traffic flows.
So, the test is very easy:
1. Stop strongswan
2. Change /usr/local/etc/ipsec.conf tunnel config to auto=route
3. Start strongswan and try to ping the right side.
4. The tunnel should up, but no reply to pings.

If it matters, I use virtual ip (as it's a laptop without left network and without external ip). 

-- 
abi <abi@abinet.ru>