[strongSwan] Specifying kernel policy priority in ipsec.conf file
divya mohan
m.divya.mohan at zoho.com
Mon Aug 11 08:12:12 CEST 2014
Hi,
Even with latest stronsgwan version (for IKEv2), the internal
calculation for kernel policy priority (based on source/destination
mask/port, protocol etc), is not helping for fine tuning the
priorities.
Also, the priority getting modified once CHILD_SA is established makes
it difficult for the user to manipulate connections which have
overlapping policies.
[ Discussed here:
https://lists.strongswan.org/pipermail/users/2014-July/006346.html ]
Was the idea of specifying kernel policy priority per connection, in
the ipsec.conf file ever considered? (Cisco routers allow this.)
Could you please provide your opinion on whether you see any blocking
problems if such an attempt is made.
- Divya
More information about the Users
mailing list