[strongSwan] Can I select a specific type for a specific protocol

Martin Willi martin at strongswan.org
Mon Aug 9 10:53:24 CEST 2010

> Is it possible to select specific type like type 135 (Neighbor 
> Solicitation) to be encrypted/bypass?

ICMP subtypes can be specified as a port in leftprotoport, i.e. icmp/8
will encapsulate ICMPv4 echo requests only. I haven't tested this
extensively, though, and I'm not sure if this works for IPv6.

Unlike in the IKEv1 daemon, we currently do not support bypass policies
in IKEv2. But you may install such a bypass policy manually using "ip


More information about the Users mailing list