[strongSwan] Drop data traffic if ipsec is not present

Andreas Steffen andreas.steffen at strongswan.org
Tue Aug 2 11:20:43 CEST 2016

Hi Sarat,

leftfirewall=yes is the right way to go. Just set up a
general drop policy with iptables, just allowing IKE
traffic via UDP ports 500 and 4500 as well as allowing
ESP (IP protocol 50). Also make sure that the updown
plugin is loaded by the charon daemon.

Best regards


On 01.08.2016 09:21, Sarat Vajrapu wrote:
> Hi,
> I am trying a lab setup with IPsec between two nodes.
> Is there a way where I can send/receive data packets only if ipsec is
> UP, else just drop the traffic?
> I tried "leftfirewall" option but it did not help me.
> Your inputs are highly appreciated.
> Regards,
> Sarat
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160802/2f5e90b9/attachment.bin>

More information about the Users mailing list