[strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based Firewall Rules
andreas.steffen at strongswan.org
Tue Aug 23 20:23:56 CEST 2011
Define two connections, one restricting the protocol to ssh
and the second one to tftp:
On 23.08.2011 16:38, kvunnava at rockwellcollins.com wrote:
> Thanks Andreas.
> We have made some progress by following these steps...
> 1] Created a static firewall policy allowing traffic for UDP port
> 500. *PFA Configuration File* *for Strongswan*.
> 2] It is noticed that the tunnel was established by dynamically adding a
> matching policy for IPSEC.
> 3] Now the requirement is to send only SSH/TFTP encrypted traffic over
> this tunnel.
> Can you please let me know the steps to achieve the last requirement?
> Also please note that this traffic is not to be allowed once the tunnel
> goes down.
> Looking forward to the reply!
> -Best Regards,
> *Andreas Steffen <andreas.steffen at strongswan.org>*
> 08/23/2011 01:39 AM
> kvunnava at rockwellcollins.com
> users at lists.strongswan.org
> Re: [strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based
> Firewall Rules
> IPsec policy based rules are installed with the standard _updown
> script which is activated with the ipsec.conf parameter
> On 08/22/2011 05:05 PM, kvunnava at rockwellcollins.com wrote:
>> Hi Guys,
>> we have a requirement related to IPSEC-Policy-based Firewall Rules.
>> Steps we followed:
>> 1] Configured the ipsec.conf with the parameter "leftupdown=<Script
>> 2] Created the script and kept it at right place.
>> Once the IKEv1-based tunnel was up, it was expected that the script
>> would be executed. But that's not happening.
>> Please let me know the right way to configure the "Automatic
>> Addition/Deletion of Ipsec-Policy-based Firewall Rules".
>> -Thanks in Advance,
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
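
An added example, not part of the original message and not strongSwan's own _updown script: a sketch of a custom hook of the kind set with leftupdown, which inserts IPsec-policy-matched iptables rules when a tunnel comes up and deletes them when it goes down. It assumes the daemon exports the usual PLUTO_* variables, that the INPUT and OUTPUT chains drop by default, and that the host is the initiator (peer port restricted); DRY_RUN and the function names are hypothetical.

```sh
#!/bin/sh
# Hypothetical custom updown hook (added example, not strongSwan's _updown).
# The IKE daemon exports PLUTO_* variables and calls the script per event.
# DRY_RUN=1 prints the iptables commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

updown_rules() {
    case "${PLUTO_VERB:-}" in
        up-host|up-client)     action="-I" ;;  # tunnel up: insert rules
        down-host|down-client) action="-D" ;;  # tunnel down: delete them
        *) return 0 ;;                         # ignore any other verb
    esac
    # Match only packets covered by this SA's IPsec policy.
    pol="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID"
    # Initiator side: restrict on the peer's port if the selector has one
    # (0 means any port).
    dport=""; sport=""
    if [ "${PLUTO_PEER_PORT:-0}" != "0" ]; then
        dport="--dport $PLUTO_PEER_PORT"
        sport="--sport $PLUTO_PEER_PORT"
    fi
    run $action OUTPUT -o "$PLUTO_INTERFACE" -p "$PLUTO_PEER_PROTOCOL" \
        -s "$PLUTO_MY_CLIENT" -d "$PLUTO_PEER_CLIENT" $dport \
        $pol --dir out -j ACCEPT
    run $action INPUT -i "$PLUTO_INTERFACE" -p "$PLUTO_PEER_PROTOCOL" \
        -s "$PLUTO_PEER_CLIENT" -d "$PLUTO_MY_CLIENT" $sport \
        $pol --dir in -j ACCEPT
}

updown_rules
```

Because the rules match on the SA's reqid and are deleted on the down event, cleartext SSH or TFTP packets never match them and fall through to the default drop policy.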