[Swan] XFRMi Interface route based IPSec with right=%any

Paul Wouters paul at nohats.ca
Wed Apr 29 01:18:44 UTC 2020


On Tue, 28 Apr 2020, Rav Ya wrote:

> Setting all the connections to "overlapip=yes" did not help. I am still seeing the same “route
> already in use” error.
> Any other suggestions? or workaround that might work?

No, then I think we need to look at it more to properly fix it.

> If I understand correctly the next release (v3.32) will not have the legacy KLIPS and shall support
> overlapping IPs. Is there a rollout date for the next release?
> Also, if I build the master branch I should not see this issue. Right?

git master has KLIPS removed, but the POLICY_OVERLAPIP code hasn't been
removed yet. I have to have a look again at what needs to be changed
to avoid the eroute in use issue. The problem is, we still don't want
to have two independent (non-xfrmi) connections up that can conflict
about a range, and accidentally send traffic from one tunnel to another
unrelated tunnel.

Paul

