[strongSwan] IKEv2 passthrough

Oliver oliver.k11 at googlemail.com
Thu Nov 4 22:50:35 CET 2010

Hi Andreas,

i tried already a manual set up without success. i tried this command:

ip xfrm policy add src dst dir out
ip xfrm policy add src dst dir in
ip xfrm policy add src dst dir fwd

(the internal network is

is this enough or is a priority or something else needed?

2010/11/4 Andreas Steffen <andreas.steffen at strongswan.org>

> Hello Oliver,
> passthrough policies are not supported [yet] with IKEv2. You have
> to set them manually via ip xfrm policy add.
> Regards
> Andreas
> On 11/04/2010 10:00 PM, Oliver wrote:
>> Hi all,
>> i try to migrate my ipsec settings from IKEv1 to IKEv2. With IKEv1
>> everything works fine. With IKEv2 my local subnet traffic does not
>> working while started tunnel. My running configuration is the same like
>> described there.
>> http://www.strongswan.org/uml/testresults/ikev1/passthrough/
>> Is it possible to get passthrough working with IKEv2?
>> I tried also to set the passthrough policies manual up with the command
>> "ip xfrm policy add ...". While running the ipsec-tunnel the policies
>> shown with "ip xfrm policy" are the same in IKEv2 as IKEv1.
>> Thanks for any info
>> Oliver
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101104/800fa498/attachment-0001.html>

More information about the Users mailing list