[strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based Firewall Rules

kvunnava at rockwellcollins.com kvunnava at rockwellcollins.com
Tue Aug 23 16:38:02 CEST 2011


Thanks Andreas.
We have made some progress by following these steps:

1] Created a static firewall policy allowing traffic for UDP port 500. PFA the
configuration file for strongSwan.
2] It was noticed that the tunnel was established by dynamically adding a
matching policy for IPsec.
3] Now the requirement is to send only SSH/TFTP encrypted traffic over
this tunnel.

Can you please let me know the steps to achieve the last requirement?
Also, please note that this traffic is not to be allowed once the tunnel goes
down.

Looking forward to the reply!

-Best Regards,
VKS.




Andreas Steffen <andreas.steffen at strongswan.org>
08/23/2011 01:39 AM

To: kvunnava at rockwellcollins.com
cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based Firewall Rules

IPsec policy-based rules are installed with the standard _updown
script, which is activated with the ipsec.conf parameter

  leftfirewall=yes

Regards

Andreas

On 08/22/2011 05:05 PM, kvunnava at rockwellcollins.com wrote:
> 
> Hi Guys,
> we have a requirement related to IPsec-policy-based firewall rules.
> 
> Steps we followed:
> 1] Configured the ipsec.conf with the parameter "leftupdown=<Script Path>".
> 2] Created the script and kept it at the right place.
> 
> Once the IKEv1-based tunnel was up, it was expected that the
> script would be executed. But that's not happening.
> 
> Please let me know the right way to configure the "Automatic
> Addition/Deletion of Ipsec-Policy-based Firewall Rules".
> 
> -Thanks in Advance,
> VKS.

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: IPSEC_Configuraton.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110823/bb882063/attachment.txt>
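
Added example, not part of the original thread and not strongSwan's own _updown script: a custom leftupdown handler that ties SSH and TFTP-request rules to tunnel state with the iptables policy match, so the rules exist only while the tunnel is up and never match cleartext. The service list, the IPTABLES override and the function names are assumptions, as are a host-to-host ESP tunnel and default-DROP INPUT/OUTPUT chains.

```shell
#!/bin/sh
# Added example, not strongSwan's _updown. strongSwan exports PLUTO_VERB,
# PLUTO_ME and PLUTO_PEER to the script named by leftupdown=.
# Assumptions: host-to-host ESP tunnel; INPUT/OUTPUT policy is DROP.
IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run

# Services that may flow only inside the tunnel: SSH and the TFTP request port.
# TFTP data moves to ephemeral ports, so real transfers also need a conntrack
# helper (nf_conntrack_tftp) and a RELATED rule with the same policy match
# (not shown).
SERVICES="tcp:22 udp:69"

# apply_rules <-I|-D>: insert or delete the rule set for every service.
apply_rules() {
    op="$1"
    for svc in $SERVICES; do
        proto="${svc%%:*}"
        port="${svc##*:}"
        # --dport covers connections to the service, --sport the replies.
        for side in --dport --sport; do
            # "-m policy --pol ipsec" matches only packets that were decrypted
            # (in) or will be encrypted (out) by IPsec; cleartext never matches.
            $IPTABLES "$op" INPUT -s "$PLUTO_PEER" -d "$PLUTO_ME" \
                -p "$proto" "$side" "$port" \
                -m policy --dir in --pol ipsec --proto esp -j ACCEPT
            $IPTABLES "$op" OUTPUT -s "$PLUTO_ME" -d "$PLUTO_PEER" \
                -p "$proto" "$side" "$port" \
                -m policy --dir out --pol ipsec --proto esp -j ACCEPT
        done
    done
}

# handle_verb: add rules when the host SA comes up, remove them when it goes down.
handle_verb() {
    case "${PLUTO_VERB:-}" in
        up-host)   apply_rules -I ;;
        down-host) apply_rules -D ;;
        *)         return 0 ;;
    esac
}

handle_verb
```

Running it with IPTABLES=echo and PLUTO_VERB=up-host prints the eight rules without touching the firewall.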

