How does strongSwan route?



  • When racoon was used in previous versions of pfSense, and you had a supernet (e.g. 10.0.0.0/16) in the IPsec, and you had a local network in that range (e.g. 10.0.10.0/24) locally, pfSense sent the traffic over the IPsec link instead of the link-local.

    How is this handled now with newer pfSense versions and strongSwan?


  • Rebel Alliance Developer Netgate

    It still works the same way, except there is a bypass for the LAN network itself.

    Otherwise it still matches based on the contents of the SPD table (Status > IPsec, SPD tab). If a connection matches the SPD table entries, it's put into IPsec. There is no "routing" in the classical sense.


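The selector matching described in the answer, as an added example that is not part of the original thread and is not pfSense or strongSwan code: a simplified Python model of an outbound SPD lookup with a LAN bypass in front of a supernet tunnel entry. The policy order (bypass evaluated first), the second local network 10.0.20.0/24, and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str     # source selector (CIDR)
    dst: str     # destination selector (CIDR)
    action: str  # "bypass" (leave unprotected) or "ipsec" (send into the tunnel)

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

# Constructed sample policies using the addresses from the question.
# Assumption: the LAN bypass is evaluated before the tunnel entry.
LAN = "10.0.10.0/24"
SPD = [
    Policy(LAN, LAN, "bypass"),          # bypass for the LAN network itself
    Policy(LAN, "10.0.0.0/16", "ipsec"), # tunnel whose remote side is the supernet
]

def decide(src_ip: str, dst_ip: str, spd=SPD) -> str:
    """Return the action of the first matching policy.

    "route" means no SPD entry matched, so the ordinary routing table applies.
    """
    for policy in spd:
        if policy.matches(src_ip, dst_ip):
            return policy.action
    return "route"

def captured_local_nets(local_nets, spd=SPD):
    """Audit helper: local networks whose traffic from the LAN hits an ipsec policy.

    Probes one sample host per network (the first usable address).
    """
    lan_host = str(ipaddress.ip_network(LAN)[1])
    hits = []
    for net in local_nets:
        probe = str(ipaddress.ip_network(net)[1])
        if decide(lan_host, probe, spd) == "ipsec":
            hits.append(net)
    return hits

if __name__ == "__main__":
    for dst in ("10.0.10.20", "10.0.20.7", "192.0.2.10"):
        print(f"10.0.10.5 -> {dst}: {decide('10.0.10.5', dst)}")
    print(captured_local_nets(["10.0.10.0/24", "10.0.20.0/24", "172.16.5.0/24"]))
```

In this model only LAN-to-LAN traffic is exempt; any other local network that falls inside the supernet still matches the tunnel entry, which is the case worth checking on the SPD tab.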