Because events are received asynchronously installing e.g. lots of policies
may require a larger buffer than the default on certain platforms in order
to receive all messages.
+
+charon.plugins.kernel-pfkey.route_via_internal = no
+ Whether to use the internal or external interface in installed routes.
+
+ Whether to use the internal or external interface in installed routes.
+ The internal interface is the one where the IP address contained in the
+ local traffic selector is located, the external interface is the one over
+ which the destination address of the IPsec tunnel can be reached.
+ This is not relevant if virtual IPs are used, for which a TUN device is
+ created that's used in the routes.
*/
bool install_routes;
+ /**
+ * whether to install the route via internal interface
+ */
+ bool route_via_internal;
+
/**
* mutex to lock access to the PF_KEY socket
*/
/* if the IP is virtual, we install the route over the interface it has
* been installed on. Otherwise we use the interface we use for IKE, as
* this is required for example on Linux. */
- if (is_virtual)
+ if (is_virtual || this->route_via_internal)
{
free(route->if_name);
route->if_name = NULL;
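Review bot: The comment above the changed condition is now stale: it still says the IKE interface is used whenever the IP is not virtual, but with `this->route_via_internal` set the branch is also taken for non-virtual addresses. I would extend it along the lines of `/* if the IP is virtual, or route_via_internal is enabled, we install the route over the interface the local address is installed on. Otherwise we use the interface we use for IKE, as this is required for example on Linux. */`. The branch frees and clears `route->if_name`, and the code that resolves the replacement interface lies outside this hunk. It is worth confirming that a failed interface lookup for a non-virtual source address aborts the route installation instead of installing a route with no interface, since a misdirected route changes which interface the traffic matching the policy leaves by.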
.install_routes = lib->settings->get_bool(lib->settings,
"%s.install_routes", TRUE,
lib->ns),
+ .route_via_internal = lib->settings->get_bool(lib->settings,
+ "%s.plugins.kernel-pfkey.route_via_internal",
+ FALSE, lib->ns),
);
if (streq(lib->ns, "starter"))