git.ipfire.org Git - people/ms/network.git/commit
IPsec: Fix routing
author Jonatan Schlag <jonatan.schlag@ipfire.org>
Thu, 1 Mar 2018 15:15:38 +0000 (15:15 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 1 Mar 2018 21:06:42 +0000 (21:06 +0000)
commit 048afd0747a14e4188d9617741962bfb38773f5b
tree 06ddb4ecaacf752adda5c20d15162a8eb0ab1881
parent 93a9eeb0e4a6db467f301a87e1430c8d3f581998
IPsec: Fix routing

Based on the examples found in strongswan
we need to specify the source IP for our routes through an IPsec VPN.
If we have no source IP (a router can route packages
which do not belong to the network assigned to our zones), we set no routes,
but clients can still use the tunnel.

For IPsec VPNs in tunnel mode we
also need the device which has the ${PLUTO_ME} IP address assigned.

The source IP is determined by ip_get_assigned_addresses_from_net();
the device is determined by the device_get_by_ip_address() function.

For tunnel mode see:
https://www.strongswan.org/testing/testresults/ipv6-stroke/net2net-ip4-in-ip6-ikev2/moon.ip.route

Fixes: #11629
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/helpers/ipsec-updown