[strongSwan] except certain protocols from IPsec encryption
Andreas Steffen
andreas.steffen at strongswan.org
Thu Aug 4 21:31:51 CEST 2011
Hello Nerijus,
what do you mean by via the ipsec tunnel? Authentication only?
If yes then just define a second connection for the GRE protocol
with NULL encryption and ESP authentication:
conn gre
leftprotoport=gre
rightprotoport=gre
esp=null-sha1!
also=tunnel
auto=add
conn traffic
esp=aes128-sha1!
also=tunnel
auto=add
conn tunnel
#define common parameters here
Regards
Andreas
On 08/04/2011 05:24 PM, Nerijus Baliunas wrote:
> Hello,
>
>> From 4.5.3 changelog:
> The IKEv2 charon daemon allows one to define PASS and DROP shunt
> policies that, for example, prevent local traffic from going through
> IPsec connections or except certain protocols from IPsec encryption.
>
> I want to except GRE protocol from IPsec encryption, but want it to
> go via ipsec tunnel (only unencrypted). Is it possible?
>
> Regards, Nerijus
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list