Date: Sat, 14 Oct 2023 13:25:23 +0300
From: Victor Gamov <vitspec@gmail.com>
To: freebsd-net <freebsd-net@freebsd.org>
Subject: Packet forwarding stooped when Strongswan install IPsec policy
Message-ID: <CAPOOyvkH1WA0KMD1jBHPV_HiFpUZ-op9tjq-LtFOa6r2FtJhOA@mail.gmail.com>

Hi All

I have a FreeBSD 13.2-STABLE stable/13-n255939-b9da47180fd6 GENERIC amd64 machine with strongswan-5.9.11_2 installed by pkg.

When routed ipsec is up, all outgoing packets are forwarded into the ipsec tunnel, so networking immediately fails.

FreeBSD config:
=====
net.fibs=4
net.inet.ip.forwarding=1
=====

ifconfig ipsec10121
=====
ipsec10121: flags=8050<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1400
        description: PoP-12
        tunnel inet 1.1.1.2 --> 2.2.2.2
        inet 172.16.110.129 --> 172.16.110.130 netmask 0xfffffffc
        groups: ipsec
        reqid: 10121
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
=====

strongswan etc/ipsec.conf:
=====
conn pop4-to-pop12-routed
#  also = tmpl_route_based
  left = 1.1.1.2
  right = 2.2.2.2
  leftsubnet = 0.0.0.0/0
  rightsubnet = 0.0.0.0/0
  reqid = 10121
  type = tunnel
  authby = psk
  keyexchange = ikev2
  ike = aes256-sha256-modp3072,aes256-sha256-modp3072
  esp = aes256-sha256-modp3072,aes256-sha256-modp3072
  ikelifetime = 28800
  mobike = no
  lifetime = 3600
  dpdaction = restart
  dpddelay = 30s
  auto = start
=====

strongswan etc/strongswan.d/charon/kernel-pfkey.conf:
=====
kernel-pfkey {
  load = yes
# route_via_internal = no
}
=====

route -n monitor
=====
got message of size 272 on Sat Oct 14 12:39:39 2023
RTM_GET: Report Metrics: len 272, pid: 49695, seq 1, errno 0, flags:<UP,GATEWAY,DONE,STATIC>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
 0.0.0.0 1.1.1.1 0.0.0.0 vlan200:48.dc.2d.6.4f.f4 1.1.1.2

got message of size 200 on Sat Oct 14 12:39:39 2023
RTM_GET: Report Metrics: len 200, pid: 49695, seq 2, errno 0, flags:<UP,GATEWAY,DONE,STATIC>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK>
 0.0.0.0 1.1.1.1 0.0.0.0

got message of size 256 on Sat Oct 14 12:39:39 2023
RTM_ADD: Add Route: len 256, pid: 49695, seq 3, errno 0, flags:<UP,GATEWAY,HOST,DONE,STATIC>
locks:  inits:
sockaddrs: <DST,GATEWAY,IFP,IFA>
 2.2.2.2 1.1.1.1 vlan200:48.dc.2d.6.4f.f4 1.1.1.2

got message of size 272 on Sat Oct 14 12:39:39 2023
RTM_ADD: Add Route: len 272, pid: 49695, seq 5, errno 0, flags:<UP,DONE,STATIC>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
 128.0.0.0 1.1.1.1 128.0.0.0 vlan200:48.dc.2d.6.4f.f4 1.1.1.2

got message of size 272 on Sat Oct 14 12:39:39 2023
RTM_ADD: Add Route: len 272, pid: 49695, seq 4, errno 0, flags:<UP,DONE,STATIC>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
 0.0.0.0 1.1.1.1 128.0.0.0 vlan200:48.dc.2d.6.4f.f4 1.1.1.2
=====

netstat -r -nW4:
=====
Routing tables

Internet:
Destination        Gateway            Flags   Nhop#    Mtu      Netif Expire
0.0.0.0/1          195.34.58.166      US         12   1500    vlan200
default            195.34.58.166      UGS         6   1500    vlan200
10.4.102.128/31    link#8             U           8   1500     vlan22
10.4.102.129       link#8             UHS         7  16384        lo0
31.131.95.64/27    127.0.0.1          U1B         9  16384        lo0
46.243.226.103     195.34.58.166      UGHS       10   1500    vlan200
127.0.0.1          link#5             UHS         1  16384        lo0
128.0.0.0/1        195.34.58.166      US         12   1500    vlan200
172.16.110.12/31   link#4             U           2   1500       ixl3
172.16.110.13      link#4             UHS         3  16384        lo0
172.16.110.129     link#11            UHS        11  16384        lo0
195.34.58.166/31   link#7             U           4   1500    vlan200
195.34.58.167      link#7             UHS         5  16384        lo0
=====

netstat -o -nW4
=====
Nexthop data

Internet:
Idx  Type        IFA            Gateway          Flags    Use    Mtu  Netif    Addrif   Refcnt Prepend
1    v4/resolve  127.0.0.1      lo0/resolve      HS      1366  16384  lo0                    2
2    v4/resolve  172.16.110.13  ixl3/resolve                0   1500  ixl3                   2
3    v4/resolve  127.0.0.1      lo0/resolve      HS         0  16384  lo0      ixl3          2
4    v4/resolve  195.34.58.167  vlan200/resolve         51749   1500  vlan200                4
5    v4/resolve  127.0.0.1      lo0/resolve      HS         0  16384  lo0      vlan200       2
6    v4/gw       195.34.58.167  195.34.58.166    GS     37902   1500  vlan200                2
7    v4/resolve  127.0.0.1      lo0/resolve      HS         0  16384  lo0      vlan22        2
8    v4/resolve  10.4.102.129   vlan22/resolve              3   1500  vlan22                 2
9    v4/resolve  127.0.0.1      lo0/resolve      1B         0  16384  lo0                    2
10   v4/gw       195.34.58.167  195.34.58.166    GHS        0   1500  vlan200                2
11   v4/resolve  127.0.0.1      lo0/resolve      HS         0  16384  lo0ipsec10121          2
12   v4/resolve  195.34.58.167  vlan200/resolve  S          0   1500  vlan200                3
=====

If I change "route_via_internal=yes" in etc/strongswan.d/charon/kernel-pfkey.conf, then no route like 0.0.0.0/1 or 128.0.0.0/1 is installed, but the network still fails.

The very same strongswan config worked fine for many years on FreeBSD-11. FreeBSD-13 has many changes in the network stack and strongswan changed too.

Also I read https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255678 and https://github.com/strongswan/strongswan/issues/910 and it looks like a strongswan/FreeBSD integration issue.

I'll appreciate any advice. Thanks!

-- 
CU,
Victor Gamov
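
An added illustration, not part of the original message: a longest-prefix-match lookup over the IPv4 routing table quoted in the post, reporting which entry wins for a given destination and whether the non-default routes together cover the whole IPv4 space. The function names are hypothetical; the rows are copied from the `netstat -r -nW4` output above, keeping only the destination, gateway and interface columns.

```python
import ipaddress

# Rows taken from the `netstat -r -nW4` output in the message
# (destination, gateway, netif); other columns dropped.
ROUTES = """\
0.0.0.0/1 195.34.58.166 vlan200
default 195.34.58.166 vlan200
10.4.102.128/31 link#8 vlan22
10.4.102.129 link#8 lo0
31.131.95.64/27 127.0.0.1 lo0
46.243.226.103 195.34.58.166 vlan200
127.0.0.1 link#5 lo0
128.0.0.0/1 195.34.58.166 vlan200
172.16.110.12/31 link#4 ixl3
172.16.110.13 link#4 lo0
172.16.110.129 link#11 lo0
195.34.58.166/31 link#7 vlan200
195.34.58.167 link#7 lo0
"""

def parse_routes(text):
    """Parse 'dest gateway netif' rows into (network, dest, gateway, netif)."""
    table = []
    for line in text.splitlines():
        dest, gateway, netif = line.split()
        # `default` is 0.0.0.0/0; a bare host address parses as a /32.
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        table.append((net, dest, gateway, netif))
    return table

def lookup(table, address):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    matches = [row for row in table if addr in row[0]]
    return max(matches, key=lambda row: row[0].prefixlen) if matches else None

def default_is_shadowed(table):
    """True if the non-default routes alone cover all of IPv4."""
    nets = [row[0] for row in table if row[0].prefixlen > 0]
    merged = list(ipaddress.collapse_addresses(nets))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]

TABLE = parse_routes(ROUTES)

if __name__ == "__main__":
    for dst in ("8.8.8.8", "200.1.1.1", "172.16.110.130", "46.243.226.103"):
        _, dest, gateway, netif = lookup(TABLE, dst)
        print(f"{dst:16} -> {dest:18} via {gateway:14} on {netif}")
    print("default shadowed by more specific routes:", default_is_shadowed(TABLE))
```

In this table every selected entry for an off-link destination has `vlan200` as its interface and the same gateway as `default`; none of them names `ipsec10121`.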
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPOOyvkH1WA0KMD1jBHPV_HiFpUZ-op9tjq-LtFOa6r2FtJhOA>