[strongSwan] IKEv2 passthrough
oliver.k11 at googlemail.com
Thu Nov 4 22:50:35 CET 2010
i tried already a manual set up without success. i tried this command:
ip xfrm policy add src 10.0.0.0/24 dst 10.0.0.0/24 dir out
ip xfrm policy add src 10.0.0.0/24 dst 10.0.0.0/24 dir in
ip xfrm policy add src 10.0.0.0/24 dst 10.0.0.0/24 dir fwd
(the internal network is 10.0.0.0/24)
is this enough or is a priority or something else needed?
2010/11/4 Andreas Steffen <andreas.steffen at strongswan.org>
> Hello Oliver,
> passthrough policies are not supported [yet] with IKEv2. You have
> to set them manually via ip xfrm policy add.
> On 11/04/2010 10:00 PM, Oliver wrote:
>> Hi all,
>> i try to migrate my ipsec settings from IKEv1 to IKEv2. With IKEv1
>> everything works fine. With IKEv2 my local subnet traffic does not
>> working while started tunnel. My running configuration is the same like
>> described there.
>> Is it possible to get passthrough working with IKEv2?
>> I tried also to set the passthrough policies manual up with the command
>> "ip xfrm policy add ...". While running the ipsec-tunnel the policies
>> shown with "ip xfrm policy" are the same in IKEv2 as IKEv1.
>> Thanks for any info
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users