
<p class="MsoNormal"><span style="color:#17365d">Hi,</span></p>


<p class="MsoNormal"><b><span style="color:#17365d"><br></span></b></p><p class="MsoNormal"><b><span style="color:#17365d">Strongswan : 4.5.3 </span></b></p><p class="MsoNormal"><b><span style="color:#17365d"><br></span></b></p>


<p class="MsoNormal"><span style="color:#17365d"> Strongswan establishing the IKE SA with by-pass

policy configured on the other end. </span></p><p class="MsoNormal"><span style="color:#17365d"><br></span></p>


<p class="MsoNormal"><b><span style="color:#17365d">Could anybody explain

me the reason for this? </span></b></p>


<p class="MsoNormal"><span style="color:#17365d"> </span></p>


<p class="MsoNormal"><b><span style="color:#548dd4">NODE A</span></b><span style="color:#17365d">  </span><span style="font-family:Wingdings;color:#17365d">ß</span><span style="color:#17365d">-----------------------------------------------------------------------</span><span style="font-family:Wingdings;color:#17365d">à</span><span style="color:#76923c">NODE

B</span></p>


<p class="MsoNormal"><span style="color:#17365d">(Initiator &

Responder)                                                                   

(Initiator & Responder)</span></p>


<p class="MsoNormal"><span style="color:#17365d"> </span></p>


<p class="MsoNormal"><span style="color:#17365d">NODE A ---</span><span style="font-family:Wingdings;color:#17365d">à</span><span style="color:#17365d"> conn403 <span style="background:yellow">is configured</span> in NODE A</span></p>


<p class="MsoNormal"><span style="color:#17365d">NODE B  --</span><span style="font-family:Wingdings;color:#17365d">à</span><span style="color:#17365d"> conn403 <span style="background:red">is not configured</span> in NODE B, <span style="background:red">conn0</span> (bypass Policy)

configured </span></p>


<p class="MsoNormal"><span style="color:#17365d"> </span></p>


<p class="MsoNormal"><br></p>


<p class="MsoNormal"><span style="color:#17365d"><snip> <span style="background:red">NODE B</span></span></p>


<p class="MsoNormal"><span style="color:#17365d"> conn conn0</span></p>


<p class="MsoNormal"><span style="color:#17365d">  type=passthrough</span></p>


<p class="MsoNormal"><span style="color:#17365d"> 

leftsubnet=<a href="http://5.5.5.5/32">5.5.5.5/32</a></span></p>


<p class="MsoNormal"><span style="color:#17365d"> 

rightsubnet=<a href="http://50.1.1.10/24">50.1.1.10/24</a></span></p>


<p class="MsoNormal"></snip></p>


<p class="MsoNormal"><span style="color:#17365d"> </span></p>


<p class="MsoNormal"><span style="color:#17365d"><snip> <b><span style="background:yellow">NODE A</span></b></span></p>


<p class="MsoNormal"><span style="color:#17365d">conn conn403</span></p>


<p class="MsoNormal"><span style="color:#17365d">  type=tunnel</span></p>


<p class="MsoNormal"><span style="color:#17365d">  leftsubnet=<a href="http://4.1.1.1/32">4.1.1.1/32</a></span></p>


<p class="MsoNormal"><span style="color:#17365d">  rightsubnet=<a href="http://40.1.1.100/24">40.1.1.100/24</a></span></p>


<p class="MsoNormal"><span style="color:#17365d">  left=4.1.1.1</span></p>


<p class="MsoNormal"><span style="color:#17365d">  right=4.1.1.10</span></p>


<p class="MsoNormal"><span style="color:#17365d">  keyexchange=ikev2</span></p>


<p class="MsoNormal"><span style="color:#17365d"> reauth=no</span></p>


<p class="MsoNormal"><span style="color:#17365d">  ike=aes128-sha1-modp1024,3des-sha1-modp1024!</span></p>


<p class="MsoNormal"><span style="color:#17365d">  ikelifetime=84395s</span></p>


<p class="MsoNormal"><span style="color:#17365d">  esp=aes128-sha1,3des-sha1!</span></p>


<p class="MsoNormal"><span style="color:#17365d">  authby=pubkey</span></p>


<p class="MsoNormal"><span style="color:#17365d">  rightid=%any</span></p>


<p class="MsoNormal"><span style="color:#17365d">  leftid="192.168.255.129"</span></p>


<p class="MsoNormal"><span style="color:#17365d">  keylife=86400s</span></p>


<p class="MsoNormal"><span style="color:#17365d">  dpdaction=restart</span></p>


<p class="MsoNormal"><span style="color:#17365d">  dpddelay=10</span></p>


<p class="MsoNormal"><span style="color:#17365d">  dpdtimeout=120</span></p>


<p class="MsoNormal"><span style="color:#17365d">  rekeyfuzz=50%</span></p>


<p class="MsoNormal"><span style="color:#17365d">  rekeymargin=180s</span></p>


<p class="MsoNormal"><span style="color:#17365d"></snip></span></p>


<p class="MsoNormal"> </p>


<p class="MsoNormal"><span style="color:#17365d">Thanks in advance. </span></p>


<p class="MsoNormal"> </p>


<p class="MsoNormal"><span style="color:#17365d">-Jegathesh</span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#17365d"> </span></p>