[strongSwan] Possibly a bug in charon when auto=start
Martin Willi
martin at strongswan.org
Tue Mar 2 14:16:04 CET 2010
Hi,
> This means that we can access each other directly without IPsec while
> charon is setting up the tunnel. And when I set "auto=route" - charon
> works ok and filters unsecured packets back and forth.
Yes, this is the intended behavior. auto=start does not install policies
until the tunnel has been negotiated. auto=route installs the policies
and triggers a tunnel when required.
If you insist of protecting your packets, you'll have to stick to
auto=route; there is currently no route+start option.
Regards
Martin
More information about the Users
mailing list