<div dir="ltr">Hello,<div><br></div><div>After adding the below policy rule, I see that the ICMP packets were getting forwarded to net1 and sent out; however, the reply was not getting forwarded back to the lan1 interface.</div><div>ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 proto icmp dir fwd priority 0 action allow<br></div><div><br></div><div>Thanks,</div><div>Naveen</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 22, 2016 at 8:02 PM, Naveen Neelakanta <span dir="ltr">&lt;<a href="mailto:naveen.b.neelakanta@gmail.com" target="_blank">naveen.b.neelakanta@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
Is it possible to configure strongSwan not to add the below default<br>
policy rules?<br>
I am running strongSwan in TEST namespace on Linux and I don't see<br>
ARP working from the root namespace to the namespace interface. I<br>
would like to know why ARP between the root namespace and Test<br>
namespace is not working if I have the below policy rules. I have used<br>
a veth pair to connect the namespace and root.<br>
<br>
src 0.0.0.0/0 dst 0.0.0.0/0<br>
socket in priority 0<br>
src 0.0.0.0/0 dst 0.0.0.0/0<br>
socket out priority 0<br>
src 0.0.0.0/0 dst 0.0.0.0/0<br>
socket in priority 0<br>
src 0.0.0.0/0 dst 0.0.0.0/0<br>
socket out priority 0<br>
src ::/0 dst ::/0<br>
socket in priority 0<br>
src ::/0 dst ::/0<br>
socket out priority 0<br>
src ::/0 dst ::/0<br>
socket in priority 0<br>
src ::/0 dst ::/0<br>
socket out priority 0<br>
<br>
Thanks,<br>
Naveen<br>
</blockquote></div><br></div>