[strongSwan] Possibly a bug in charon when auto=start

Martin Willi martin at strongswan.org
Tue Mar 2 14:16:04 CET 2010


> This means that we can access each other directly without IPsec while
> charon is setting up the tunnel. And when I set "auto=route" - charon
> works ok and filters unsecured packets back and forth.

Yes, this is the intended behavior. auto=start does not install policies
until the tunnel has been negotiated. auto=route installs the policies
and triggers a tunnel when required.

If you insist on protecting your packets, you'll have to stick to
auto=route; there is currently no route+start option.
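
The behavior described in the reply above can be checked for in a configuration. This is an added example and not part of the original post or of strongSwan: a small audit that reports every conn in an ipsec.conf whose effective auto= is start, resolving it through also= and conn %default. The sample configuration and the function names are constructed; it assumes at most one also= per conn and does not follow include directives.

```python
# Added example (not from the thread): list conns whose effective auto= is
# "start", i.e. no policies are installed until the tunnel has been negotiated.
SAMPLE_CONF = """\
# constructed sample configuration
conn %default
    keyexchange=ikev2
    auto=start

conn site-a
    left=192.0.2.1
    right=198.51.100.1

conn site-b
    also=site-a
    auto=route

conn site-c
    right=203.0.113.7
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section headers start at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_auto(conns, name):
    """Resolve auto= via the conn itself, its also= chain, then %default."""
    seen = set()
    while name in conns and name not in seen:  # 'seen' guards also= loops
        seen.add(name)
        if "auto" in conns[name]:
            return conns[name]["auto"]
        name = conns[name].get("also")
    return conns.get("%default", {}).get("auto", "ignore")

def start_only_conns(text):
    conns = parse_conns(text)
    return sorted(n for n in conns
                  if n != "%default" and effective_auto(conns, n) == "start")

if __name__ == "__main__":
    print(start_only_conns(SAMPLE_CONF))
```

Only auto=start is flagged, since that is the setting the thread discusses; other values are left unreported.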


