[strongSwan] ipsec policy priority
Max Avramenko
a_max at avramenko.me
Tue Oct 15 15:31:57 CEST 2013
Hello
I have some questions.
LAN 192.168.3.0/24
and tunnels
1. 192.168.0.0/18
2. 192.168.5.0/24
As a result I have these policies:
>src 192.168.3.0/24 dst 192.168.5.0/24
> dir out priority 1859
> tmpl src 77.72.134.75 dst 195.96.165.70
> proto esp reqid 16412 mode tunnel
>src 192.168.3.0/24 dst 192.168.0.0/18
> dir out priority 1859
> tmpl src 77.xx.xx.xx dst 109.yy.yy.yy
> proto esp reqid 16416 mode tunnel
Problem 1:
Traffic to local IPs is forwarded into the tunnel. I manually add several
policies as a workaround:
>src 192.168.3.0/24 dst 192.168.3.0/24
> dir out priority 100
>src 192.168.3.0/24 dst 192.168.3.0/24
> dir fwd priority 100
>src 192.168.3.0/24 dst 192.168.3.0/24
> dir in priority 100
Problem 2:
Sometimes the priority of the policy to 192.168.0.0/18 is below that of
192.168.5.0/24, and traffic for 192.168.5.0/24 is forwarded into the tunnel
for 192.168.0.0/18.
Please give smart tips on how to proceed in solving the second problem.
And, perhaps, there is a right decision for the first one?
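
The selector overlap behind both problems, as an added example that is not part of the original post: it models the outbound policies listed above and assumes only that a lower priority value is preferred, as on Linux XFRM. The sample packet addresses and the "bypass" label are constructed for illustration.

```python
import ipaddress

# Outbound policies transcribed from the post: (src, dst, priority, action).
POLICIES = [
    ("192.168.3.0/24", "192.168.5.0/24", 1859, "tunnel reqid 16412"),
    ("192.168.3.0/24", "192.168.0.0/18", 1859, "tunnel reqid 16416"),
]
# The poster's manual workaround for LAN-local traffic (no tmpl, so no tunnel).
# "bypass" is a label chosen for this example.
BYPASS = ("192.168.3.0/24", "192.168.3.0/24", 100, "bypass")


def matches(policies, src_ip, dst_ip):
    """Policies whose selectors match the packet, lowest priority value first."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    hits = [p for p in policies
            if src in ipaddress.ip_network(p[0]) and dst in ipaddress.ip_network(p[1])]
    # sorted() is stable: equal priorities keep list order, which this model
    # does not claim to be the kernel's tie-break.
    return sorted(hits, key=lambda p: p[2])


def is_tied(policies, src_ip, dst_ip):
    """True when the two best matches share one priority (ambiguous choice)."""
    hits = matches(policies, src_ip, dst_ip)
    return len(hits) > 1 and hits[0][2] == hits[1][2]


def swallows(policies, lan):
    """Policies whose destination selector contains the local subnet itself."""
    lan_net = ipaddress.ip_network(lan)
    return [p for p in policies if lan_net.subnet_of(ipaddress.ip_network(p[1]))]


if __name__ == "__main__":
    # Constructed sample addresses inside the subnets named in the post.
    print(matches(POLICIES, "192.168.3.10", "192.168.3.20"))   # Problem 1
    print(is_tied(POLICIES, "192.168.3.10", "192.168.5.20"))   # Problem 2
    print(matches(POLICIES + [BYPASS], "192.168.3.10", "192.168.3.20")[0])
```

The LAN 192.168.3.0/24 lies inside 192.168.0.0/18, so LAN-local packets match that tunnel policy, and packets to 192.168.5.0/24 match two policies of equal priority.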