aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c5
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c5
2 files changed, 10 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 25878addf..5b869e78b 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2171,6 +2171,11 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
hydra->daemon),
);
+ if (streq(hydra->daemon, "pluto"))
+ { /* no routes for pluto, they are installed via updown script */
+ this->install_routes = FALSE;
+ }
+
/* disable lifetimes for allocated SPIs in kernel */
fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
if (fd)
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index b4e64b61f..f5786447b 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2137,6 +2137,11 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
hydra->daemon),
);
+ if (streq(hydra->daemon, "pluto"))
+ { /* no routes for pluto, they are installed via updown script */
+ this->install_routes = FALSE;
+ }
+
/* create a PF_KEY socket to communicate with the kernel */
this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
if (this->socket <= 0)