Re: IPSec tunnels with main site prefix overlapping remote site networks no long works in v1.8

---

UBNT-Fenng wrote:

It is  'rule 220', not 'table 220'.

I don't understand why the rule 220 is there.

---

It comes from strongSwan

root@router:~# ip rule list
0:      from all lookup local 
201:    from all fwmark 0x64800000/0x7f800000 lookup 201 
202:    from all fwmark 0x65000000/0x7f800000 lookup 202 
220:    not from all fwmark 0xffffffff lookup 220 
254:    from all fwmark 0x7f000000/0x7f800000 lookup main 
32766:  from all lookup main 
32767:  from all lookup default 

root@router:~# show ip route table 220
192.168.6.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.7.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.40.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.41.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.42.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.50.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.70.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1 
192.168.100.0/24 via 135.23.39.1 dev eth0  proto static  src 192.168.33.1