[strongSwan] Drop data traffic if ipsec is not present
andreas.steffen at strongswan.org
Tue Aug 2 11:20:43 CEST 2016
leftfirewall=yes is the right way to go. Just set up a
general drop policy with iptables, just allowing IKE
traffic via UDP ports 500 and 4500 as well as allowing
ESP (IP protocol 50). Also make sure that the updown
plugin is loaded by the charon daemon.
On 01.08.2016 09:21, Sarat Vajrapu wrote:
> I am trying a lab setup with IPsec between two nodes.
> Is there a way where I can send/receive data packets only if ipsec is
> UP, else just drop the traffic?
> I tried "leftfirewall" option but it did not help me.
> Your inputs are highly appreciated.
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
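
The setup described in the reply above, sketched as an added example that is not part of the original message or of strongSwan itself: a default-drop ruleset that lets through only IKE (UDP 500/4500) and ESP, plus a small audit that flags any other plaintext ACCEPT. Assumptions: the interface name `eth0`, the open loopback rules, and the function names `gen_ruleset` and `audit_rules` are illustrative; the connection in ipsec.conf has `leftfirewall=yes` and charon loads the updown plugin, whose default script adds ACCEPT rules using `-m policy --pol ipsec`.

```shell
#!/bin/sh
# Added example, not from the original message.
# WAN_IF is an assumed interface name; adjust for your lab.
WAN_IF="${WAN_IF:-eth0}"

# Emit a default-drop filter table (apply as root: gen_ruleset | iptables-restore).
gen_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Assumption: loopback stays open for local services
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# IKE and NAT traversal (UDP 500/4500)
-A INPUT -i $WAN_IF -p udp -m multiport --dports 500,4500 -j ACCEPT
-A OUTPUT -o $WAN_IF -p udp -m multiport --sports 500,4500 -j ACCEPT
# ESP (IP protocol 50)
-A INPUT -i $WAN_IF -p esp -j ACCEPT
-A OUTPUT -o $WAN_IF -p esp -j ACCEPT
COMMIT
EOF
}

# Read iptables-save style rules on stdin and print every ACCEPT (chain policy
# or rule) that is not loopback, IKE, ESP, or an IPsec policy match.
# Returns 0 when nothing else is accepted, 1 otherwise.
audit_rules() {
    rules=$(cat)
    leaks=$(printf '%s\n' "$rules" \
        | grep -E -- '^:(INPUT|FORWARD|OUTPUT) ACCEPT|-j ACCEPT' \
        | grep -Ev -- '-(i|o) lo ' \
        | grep -Ev -- '-p udp .*--[ds]ports? (500|4500|500,4500) ' \
        | grep -Ev -- '-p (esp|50) ' \
        | grep -Ev -- '-m policy .*--pol ipsec' || true)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Self-check: the generated ruleset must pass its own audit.
gen_ruleset | audit_rules && echo "only IKE, ESP and loopback are accepted in the clear"
```

On a running host, `iptables-save | audit_rules` performs the same check against the live rules once the tunnel is up.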