<html><div id="eml-cke__body" title="">I have heard that with strongSwan IPsec drop policies (similar to passthrough policies) it should be possible to configure a kill switch as with OpenVPN.<br />
<br />
Passtrough policies: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples#Passthrough-policy">https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples#Passthrough-policy</a><br />
<br />
Is it possible to block everything with IPsec drop policies and allow only IPsec IKEv2 traffic?<br />
<br />
And how do I configure this for OpenWRT?<br />
<br />
My last IPsec IKEv2 settings are here: <a href="https://wiki.strongswan.org/issues/3291">https://wiki.strongswan.org/issues/3291</a><br />
<br />
Best regards<br />
<br />
Bernd</div>

<div id="eml-cke__signature_top" title="Signature">
<div class="eml-cke__signature" id="eml-cke__signature_top-wrap" title=""> </div>
</div>

<div id="eml-cke__signature_bottom" title="Signature"> </div>
</html>