[strongSwan] One way policy addition/deletion
Karl Beldan
karl.beldan at gmail.com
Thu Oct 28 14:46:37 CEST 2010
Hi,
Here is the situation : {
192.168.0.1-AAA === 192.168.0.2-BBB
192.168.0.1:
ipsec.conf :
conn host-host
left=192.168.0.1
leftprotoport=icmp
leftcert=moonCert.pem
right=192.168.0.2
rightprotoport=icmp
auto=route
192.168.0.2:
No strongswan related stuff.
}
Doing: {
AAA>$ ipsec start
I get a policy:
src 192.168.0.1/32 dst 192.168.0.2/32 proto icmp
dir out priority 2080
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
BBB>$ ping 192.168.0.1
}
Triggers Acquire-Updated-Deleted events for this policy.
Doing the same thing but performing
AAA>$ ping 192.168.0.2
right before
BBB>$ ping 192.168.0.1
Triggers Acquire-Updated (and no Deleted) events for this policy.
I tried with strongswan-4.4.1 and 4.3.4 and AAA is Linux 2.6.36+.
I wonder
1) why strongswan installs only one xfrm policy i.e AAA->BBB and no BBB->AAA.
2) why the policy gets deleted.
Is it normal behavior ?
Thanks for your Input.
Cheers,
--
Karl Beldan
More information about the Users
mailing list