[strongSwan-dev] What is the purpose of kernel's IPsec IN policies?

Martin Willi martin at strongswan.org
Wed Jul 30 08:55:24 CEST 2014


> But what is the purpose of IPsec IN policy?

The IN policy allows you to limit the traffic to a given selector for
encrypted packets coming over a tunnel. If you want to restrict incoming
traffic to certain ports or protocols, the IN policy takes care of
filtering that.

According to your tests it seems that Linux accepts incoming traffic if
no policy exists for an SA, but an existing policy would allow you to
limit traffic allowed for that tunnel.
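The selector check the reply describes, as an added example that is not part of the original thread and is neither strongSwan nor Linux kernel code. It models an IN policy as a selector (addresses, protocol, port) bound to an SA by reqid, and shows how the selector decides what decrypted traffic gets through. The addresses, reqids and the `POLICIES` sample are constructed; the rule that a packet is accepted when no IN policy references its SA at all simply mirrors the test result reported in the thread and is not claimed to be the kernel's rule.

```python
"""Model of what an IPsec IN policy selector does to decrypted traffic.

Added example, not strongSwan or Linux kernel code.  Assumptions of the
model (not verified against the kernel source):
  * policies are tied to an SA by reqid, as xfrm templates are;
  * a packet whose flow matches an IN policy but that did not arrive via
    the SA the policy requires is dropped (plaintext spoofing protection);
  * if the SA has IN policies and none matches the flow, the packet is
    dropped (that is the "limit traffic for that tunnel" effect);
  * if no IN policy references the SA at all, the packet is accepted,
    mirroring the test result reported in the thread.
"""
from dataclasses import dataclass

PROTO_NAME = {0: "any", 1: "icmp", 6: "tcp", 17: "udp"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0
    reqid: int = 0  # reqid of the SA that decrypted it; 0 = arrived in plaintext


@dataclass(frozen=True)
class InPolicy:
    src: str            # selector, CIDR
    dst: str
    proto: int = 0      # 0 = any protocol
    dport: int = 0      # 0 = any port
    reqid: int = 0      # template: the SA the packet must have come from
    priority: int = 0   # lower value wins, as in `ip xfrm policy`
    tunnel_src: str = "192.0.2.1"   # tunnel endpoints, assumed values
    tunnel_dst: str = "192.0.2.2"

    def matches(self, pkt: Packet) -> bool:
        """Selector match only; the SA template is checked separately."""
        from ipaddress import ip_address, ip_network
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto and self.proto != pkt.proto:
            return False
        if self.dport and self.dport != pkt.dport:
            return False
        return True

    def as_ip_xfrm(self) -> str:
        """The `ip xfrm policy add ... dir in` line installing this policy."""
        sel = f"src {self.src} dst {self.dst}"
        if self.proto:
            sel += f" proto {PROTO_NAME[self.proto]}"
        if self.dport:
            sel += f" dport {self.dport}"
        return (f"ip xfrm policy add {sel} dir in priority {self.priority} "
                f"tmpl src {self.tunnel_src} dst {self.tunnel_dst} "
                f"proto esp reqid {self.reqid} mode tunnel")


def inbound_decision(policies, pkt):
    """Return ('accept'|'drop', matching policy or None) for a packet
    after decapsulation (or for a plaintext packet if pkt.reqid == 0)."""
    candidates = [p for p in policies if p.matches(pkt)]
    if candidates:
        best = min(candidates, key=lambda p: p.priority)
        # The flow is bound to an SA: only packets from that SA may pass.
        return ("accept" if best.reqid == pkt.reqid else "drop"), best
    if pkt.reqid == 0:
        return "accept", None      # plaintext flow nobody asked to protect
    if any(p.reqid == pkt.reqid for p in policies):
        return "drop", None        # tunnel is restricted, flow is outside it
    return "accept", None          # no IN policy for this SA (thread's observation)


# Constructed sample: tunnel reqid 1 carries 10.0.1.0/24 -> 10.0.0.0/24,
# and the IN policies restrict it to SSH and ICMP.
POLICIES = [
    InPolicy("10.0.1.0/24", "10.0.0.0/24", proto=6, dport=22, reqid=1, priority=1000),
    InPolicy("10.0.1.0/24", "10.0.0.0/24", proto=1, reqid=1, priority=1000),
]

if __name__ == "__main__":
    for p in POLICIES:
        print(p.as_ip_xfrm())
    for pkt in (
        Packet("10.0.1.5", "10.0.0.7", 6, dport=22, reqid=1),   # SSH via tunnel
        Packet("10.0.1.5", "10.0.0.7", 6, dport=80, reqid=1),   # HTTP via tunnel
        Packet("10.0.1.5", "10.0.0.7", 6, dport=22, reqid=0),   # plaintext spoof
        Packet("10.0.3.9", "10.0.5.1", 17, dport=53, reqid=2),  # SA without policy
    ):
        print(pkt, "->", inbound_decision(POLICIES, pkt)[0])
```

Running it prints the two `ip xfrm policy add ... dir in` lines that would install the sample selectors, then the decision for each constructed packet: SSH over the tunnel is accepted, HTTP over the same tunnel is dropped because the tunnel has IN policies and none covers port 80, a plaintext packet that matches the SSH selector is dropped because the policy demands the SA, and traffic from an SA with no IN policy at all is accepted, as the thread observed. To compare against a real host, install equivalent policies with the printed commands and inspect them with `ip xfrm policy show dir in`.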


