Site-to-site IPSec - routing issue

ZADM · December 3, 2019, 9:56am

Hello community,

I’ve upgraded the firewall from 1.1.7 to 1.2.0 version and we faced an issue where all the ipsec site-to-site vpn didn’t work correctly
The issue is that strongswan doesn’t inject the remote prefix in the routing table
I workaround the issue by creating a static routes and it works fine

Can someone explain me why the routes are not injected correctly ?

Regards

Dmitry · December 3, 2019, 11:11am

Hello @ZADM, can you check table 220?
sudo ip route show table 220
And provide please config for reproducing this
show configuration commands | match vpn

zsdc · December 3, 2019, 12:06pm

Hi, @ZADM!

Provide, please, the full VPN configuration (you can mask addresses and keys) to we can reproduce issue.