[strongSwan] IKEv2 passthrough

Oliver oliver.k11 at googlemail.com
Thu Nov 4 22:50:35 CET 2010


Hi Andreas,

i tried already a manual set up without success. i tried this command:

ip xfrm policy add src 10.0.0.0/24 dst 10.0.0.0/24 dir out
ip xfrm policy add src 10.0.0.0/24 dst 10.0.0.0/24 dir in
ip xfrm policy add src 10.0.0.0/24 dst 10.0.0.0/24 dir fwd

(the internal network is 10.0.0.0/24)

is this enough or is a priority or something else needed?


2010/11/4 Andreas Steffen <andreas.steffen at strongswan.org>

> Hello Oliver,
>
> passthrough policies are not supported [yet] with IKEv2. You have
> to set them manually via ip xfrm policy add.
>
> Regards
>
> Andreas
>
> On 11/04/2010 10:00 PM, Oliver wrote:
>
>> Hi all,
>>
>> i try to migrate my ipsec settings from IKEv1 to IKEv2. With IKEv1
>> everything works fine. With IKEv2 my local subnet traffic does not
>> working while started tunnel. My running configuration is the same like
>> described there.
>> http://www.strongswan.org/uml/testresults/ikev1/passthrough/
>>
>> Is it possible to get passthrough working with IKEv2?
>>
>> I tried also to set the passthrough policies manual up with the command
>> "ip xfrm policy add ...". While running the ipsec-tunnel the policies
>> shown with "ip xfrm policy" are the same in IKEv2 as IKEv1.
>>
>> Thanks for any info
>>
>> Oliver
>>
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101104/800fa498/attachment-0001.html>


More information about the Users mailing list