Hi Andreas,<br><br>i tried already a manual set up without success. i tried this command:<br><br>ip xfrm policy add src <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> dst <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> dir out<br>
ip xfrm policy add src <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> dst <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> dir in<br>
ip xfrm policy add src <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> dst <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> dir fwd<br><br>(the internal network is <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>)<br>
<br>is this enough or is a priority or something else needed?<br>
<br><br><div class="gmail_quote">2010/11/4 Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hello Oliver,<br>
<br>
passthrough policies are not supported [yet] with IKEv2. You have<br>
to set them manually via ip xfrm policy add.<br>
<br>
Regards<br>
<br>
Andreas<br>
<br>
On 11/04/2010 10:00 PM, Oliver wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi all,<br>
<br>
i try to migrate my ipsec settings from IKEv1 to IKEv2. With IKEv1<br>
everything works fine. With IKEv2 my local subnet traffic does not<br>
working while started tunnel. My running configuration is the same like<br>
described there.<br>
<a href="http://www.strongswan.org/uml/testresults/ikev1/passthrough/" target="_blank">http://www.strongswan.org/uml/testresults/ikev1/passthrough/</a><br>
<br>
Is it possible to get passthrough working with IKEv2?<br>
<br>
I tried also to set the passthrough policies manual up with the command<br>
"ip xfrm policy add ...". While running the ipsec-tunnel the policies<br>
shown with "ip xfrm policy" are the same in IKEv2 as IKEv1.<br>
<br>
Thanks for any info<br>
<br>
Oliver<br>
</blockquote>
<br>
======================================================================<br><font color="#888888">
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
</font></blockquote></div><br>