Hi Vladimir, > It may be possible I am only one who encounter this problem, because of very > unusual configuration: > > leftsubnet = 192.168.0.0/24 > rightsubnet = 0.0.0.0/0 > > With this configuration I had a problem in version 4.5 also, but I have solved > it by deleting second default route from table 220.
What exactly is the point of rightsubnet=0.0.0.0/0 if you don't want to tunnel everything? How does your network topology look like? > With this configuration the machine where this strongswan is > running announces all address of local network 192.168.0.0/24 as it's own, so > all IP address becomes binded with the same MAC address and network stops > working: nobody can connect each other. That's due to the farp plugin that is enabled by default in the Debian package. With rightsubnet=0.0.0.0/0 It will fake ARP responses for every IP address, which is certainly not optimal. Try disabling the plugin by specifying a custom list of plugins with the charon.load option in strongswan.conf (you can use the list returned in 'ipsec statusall' as template, just remove the farp plugin from it). Regards, Tobias -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
