[strongSwan] some conceptual ipsec/iptables/policy questions

Christoph Anton Mitterer calestyo at scientia.net
Mon Oct 4 22:49:16 CEST 2010


Hey...

On Mon, 2010-10-04 at 19:17 +0200, Andreas Steffen wrote:
> > (And sorry for bugging you over and over again ;) )
> yeah, if the doctor is in, it will cost 50 cents ;-)
That's great... I mean, you're from Switzerland IIRC, so you
probably know that in Germany visiting the doctor costs you at least 10€.

But seriously... I'd have no problem donating some bugs to
strongSwan development! :)


> >> src ::/0 dst ::/0 
> >> 	dir 3 priority 0 ptype main 
> >> src ::/0 dst ::/0 
> >> 	dir 4 priority 0 ptype main 
> >> src ::/0 dst ::/0 
> >> 	dir 3 priority 0 ptype main 
> >> src ::/0 dst ::/0 
> >> 	dir 4 priority 0 ptype main 
> >> src ::/0 dst ::/0 
> >> 	dir 3 priority 0 ptype main 
> >> src ::/0 dst ::/0 
> >> 	dir 4 priority 0 ptype main 
> >> src 0.0.0.0/0 dst 0.0.0.0/0 
> >> 	dir 3 priority 0 ptype main 
> >> src 0.0.0.0/0 dst 0.0.0.0/0 
> >> 	dir 4 priority 0 ptype main 
> >> src 0.0.0.0/0 dst 0.0.0.0/0 
> >> 	dir 3 priority 0 ptype main 
> >> src 0.0.0.0/0 dst 0.0.0.0/0 
> >> 	dir 4 priority 0 ptype main 
> >> src 0.0.0.0/0 dst 0.0.0.0/0 
> >> 	dir 3 priority 0 ptype main 
> >> src 0.0.0.0/0 dst 0.0.0.0/0 
> >> 	dir 4 priority 0 ptype main 
> > => What are these (dir 3 and 4) and why does each rule appear twice?
> >
> These are policies that exempt the IKE protocol (ports 500 and 4500)
> from tunneling.
But this just excepts UDP 500/4500, or what?


Cheers,
Chris.