[strongSwan] One way policy addition/deletion
Martin Willi
martin at strongswan.org
Thu Oct 28 15:42:14 CEST 2010
Hi Karl,
> 1) why strongswan installs only one xfrm policy i.e AAA->BBB and no BBB->AAA.
I get three xfrm policies here (in/out/fwd), "ip xfrm policy" shows:
> src 10.2.0.0/16 dst 10.1.0.0/16
> dir fwd priority 2840 ptype main
> tmpl src 192.168.0.2 dst 192.168.0.1
> proto esp reqid 1 mode tunnel
> src 10.2.0.0/16 dst 10.1.0.0/16
> dir in priority 2840 ptype main
> tmpl src 192.168.0.2 dst 192.168.0.1
> proto esp reqid 1 mode tunnel
> src 10.1.0.0/16 dst 10.2.0.0/16
> dir out priority 2840 ptype main
> tmpl src 192.168.0.1 dst 192.168.0.2
> proto esp reqid 1 mode tunnel
> [...]
> 2) why the policy gets deleted.
Can't reproduce this, neither. I just see acquire/update events in
"ip xfrm monitor".
Regards
Martin
More information about the Users
mailing list