[strongSwan-dev] Binding interfaces to IPsec

[Martin Willi]

Hi,

> I'm using StrongSWAN and I'd need to bind some interfaces to IPsec and
> not all of them. Is there any option to obtain this behavior?

No, binding to specific interfaces is currently not supported. Linux
handles ESP traffic independent from interfaces. For IKE, the daemon
currently binds on all interfaces. You could use firewalling to
block/allow IKE/ESP traffic on selected interfaces.

Regards
Martin