VPN/IPsec - disable charon.install_routes at all in case anyone upstream would implement it for FreeBSD at some point int time, the feature itself only seems to be relevant for linux:

* e09bc70d12/configure.ac (L63) * https://github.com/strongswan/strongswan/search?q=routing_table
2026-03-16 01:24:38 +00:00 · 2022-12-20 10:07:46 +01:00 · 2022-12-20 10:07:46 +01:00 · c13f8dd987
commit c13f8dd987
parent de85da9956
2 changed files with 1 additions and 21 deletions
--- a/src/etc/inc/plugins.inc.d/ipsec.inc
+++ b/src/etc/inc/plugins.inc.d/ipsec.inc
@ -947,9 +947,7 @@ function ipsec_write_strongswan_conf()
        }
    }

-    if (!empty($config['ipsec']['auto_routes_disable'])) {
-        $strongswanTree['charon']['install_routes'] = 'no';
-    }
+    $strongswanTree['charon']['install_routes'] = 'no';
    if (isset($a_client['enable']) && isset($a_client['net_list'])) {
        $strongswanTree['charon']['cisco_unity'] = 'yes';
    }
--- a/src/www/vpn_ipsec_settings.php
+++ b/src/www/vpn_ipsec_settings.php
@ -39,7 +39,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $pconfig  = array();
    $pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
    $pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
-    $pconfig['auto_routes_disable'] = isset($config['ipsec']['auto_routes_disable']);
    $pconfig['max_ikev1_exchanges'] = !empty($config['ipsec']['max_ikev1_exchanges']) ? $config['ipsec']['max_ikev1_exchanges'] : null;
    if (!empty($config['ipsec']['passthrough_networks'])) {
        $pconfig['passthrough_networks'] = explode(',', $config['ipsec']['passthrough_networks']);
@ -103,11 +102,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        } elseif (isset($config['ipsec']['passthrough_networks'])) {
            unset($config['ipsec']['passthrough_networks']);
        }
-        if (!empty($pconfig['auto_routes_disable'])) {
-            $config['ipsec']['auto_routes_disable'] = true;
-        } elseif (isset($config['ipsec']['auto_routes_disable'])) {
-            unset($config['ipsec']['auto_routes_disable']);
-        }

        if (!empty($pconfig['max_ikev1_exchanges'])) {
            $config['ipsec']['max_ikev1_exchanges'] = $pconfig['max_ikev1_exchanges'];
@ -203,18 +197,6 @@ if (isset($input_errors) && count($input_errors) > 0) {
                        </div>
                      </td>
                    </tr>
-                    <tr>
-                      <td><a id="help_for_auto_routes_disable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Do not install routes"); ?></td>
-                      <td style="width:78%" class="vtable">
-                        <input name="auto_routes_disable" type="checkbox" id="auto_routes_disable" value="yes" <?= !empty($pconfig['auto_routes_disable']) ? "checked=\"checked\"" : "";?> />
-                        <strong><?=gettext("Do not automatically install routes"); ?></strong>
-                        <div class="hidden" data-for="help_for_auto_routes_disable">
-                            <?=gettext("By default, IPsec installs routes when a tunnel becomes active. " .
-                                                  "Select this option to prevent automatically adding routes" .
-                                                  " to the system routing table. See charon.install_routes"); ?>
-                        </div>
-                      </td>
-                    </tr>
                    <tr>
                      <td><a id="help_for_max_ikev1_exchanges" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Maximum IKEv1 phase 2 exchanges"); ?></td>
                      <td style="width:78%" class="vtable">