[strongSwan] policy groups

[Michi Mutsuzaki]

Hi Martin,

>> how can I configure strongswan so that it never sends traffic in clear
>> text?
>
> Usually you can achieve this with a "routed" policy, i.e. one with the
> auto=route keyword to a rightsubnet=0.0.0.0/0. This will make sure no
> traffic leaves unencrypted. If no connection exists for the associated
> traffic, the kernel will trigger it.

Cool, this is exactly what I was looking for.

Thanks!
--Michi