[strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based Firewall Rules
Andreas Steffen
andreas.steffen at strongswan.org
Tue Aug 23 20:23:56 CEST 2011
Hello,
define two connections, one restricting the protocol to ssh
and the second one to tftp:
conn ssh
     also=hosts
     leftprotoport=tcp
     rightprotoport=tcp/ssh
     auto=add

conn tftp
     also=hosts
     leftprotoport=udp
     rightprotoport=udp/tftp

conn hosts
     left=
     right=
     # common definitions
Regards
Andreas
On 23.08.2011 16:38, kvunnava at rockwellcollins.com wrote:
>
> Thanks Andreas.
> We have Made some progress by following these steps...
>
> 1] Created a Static Firewall Policy allowing Traffic for UDP port
> 500. *PFA Configuration File for Strongswan*.
> 2] It is Noticed that Tunnel was established by dynamically adding a
> Matching policy for IPSEC.
> 3] Now the Requirement is to send Only SSH/TFTP Encrypted Traffic over
> this Tunnel.
>
> Can You please let me know the Steps to achieve the Last Requirement ??
> Also Please note that this Traffic not to be allowed once the Tunnel
> went down.
>
>
>
> Looking forward for the reply!!!
>
> -Best Regards,
> VKS.
>
>
>
> *Andreas Steffen <andreas.steffen at strongswan.org>*
> 08/23/2011 01:39 AM
>
> To: kvunnava at rockwellcollins.com
> cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based
> Firewall Rules
>
> IPsec policy based rules are installed with the standard _updown
> script which is activated with the ipsec.conf parameter
>
> leftfirewall=yes
>
> Regards
>
> Andreas
>
> On 08/22/2011 05:05 PM, kvunnava at rockwellcollins.com wrote:
>>
>> Hi Guys,
>> we have a requirement related to IPSEC-Policy-based Firewall Rules.
>>
>> Steps we followed:
>> 1] Configured the ipsec.conf with the parameter "leftupdown=<Script Path>".
>> 2] Created the script and kept it at right place.
>>
>> Once the IKEv1 based Tunnel was UP; it was expected that Execution of
>> script to be happen. But that's Not happening.
>>
>> Please let me know the Right way to Configure the "Automatic
>> Addition/Deletion of Ipsec-Policy-based Firewall Rules".
>>
>> -Thanks in Advance,
>> VKS.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
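
Added example, not part of the original thread and not strongSwan's own _updown script: a minimal custom hook of the kind referenced through leftupdown=, which accepts only the protocol/port negotiated for the connection (ssh or tftp above) when it arrives IPsec-protected, and deletes the same rules when the tunnel goes down. It assumes host-to-host connections, INPUT/OUTPUT chains that otherwise drop this traffic, and the PLUTO_* environment variables that strongSwan passes to updown scripts; the dry-run switch IPT is a name chosen for this example.

```shell
#!/bin/sh
# Added example, not strongSwan's _updown script. Dry-run by default:
# prints the iptables commands; run with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# Emit " --sport N" / " --dport N" only when the policy pins a port (0 = any).
port_match() {
    if [ -n "$2" ] && [ "$2" != "0" ]; then printf ' %s %s' "$1" "$2"; fi
}

updown_rules() {
    case "$PLUTO_VERB" in
        up-host)   op="-I" ;;   # policy installed: insert the accept rules
        down-host) op="-D" ;;   # policy removed: delete the same rules
        *)         return 0 ;;
    esac
    # leftprotoport/rightprotoport arrive as an IP protocol number.
    case "$PLUTO_MY_PROTOCOL" in
        6)  proto=tcp ;;
        17) proto=udp ;;
        *)  echo "policy is not limited to tcp or udp, no rule installed" >&2
            return 1 ;;
    esac
    in_ports="$(port_match --sport "$PLUTO_PEER_PORT")$(port_match --dport "$PLUTO_MY_PORT")"
    out_ports="$(port_match --sport "$PLUTO_MY_PORT")$(port_match --dport "$PLUTO_PEER_PORT")"
    # $IPT and the port strings stay unquoted on purpose so they split into words.
    # "-m policy --pol ipsec" matches only packets that were (or will be) ESP-protected.
    $IPT "$op" INPUT -i "$PLUTO_INTERFACE" -p "$proto" -s "$PLUTO_PEER" -d "$PLUTO_ME" \
        $in_ports -m policy --dir in --pol ipsec --proto esp -j ACCEPT
    $IPT "$op" OUTPUT -o "$PLUTO_INTERFACE" -p "$proto" -s "$PLUTO_ME" -d "$PLUTO_PEER" \
        $out_ports -m policy --dir out --pol ipsec --proto esp -j ACCEPT
}

updown_rules
```

Because the down-host branch deletes exactly the rules that up-host inserted, cleartext ssh/tftp to the peer falls through to the chain's drop policy once the tunnel is gone.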