[strongSwan] Drop data traffic if ipsec is not present
saratvajrapu1 at gmail.com
Thu Aug 4 14:00:03 CEST 2016
Thanks for the inputs.
I was expecting leftfirewall=yes would take care of adding default policies
for IKE, ESP and drop traffic.
>From your explanation, I understood that we need to explicitly configure
iptables. So what does leftfirewall actually do?
On Tue, Aug 2, 2016 at 2:50 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Sarat,
> leftfirewall=yes is the right way to go. Just set up a
> general drop policy with iptables, just allowing IKE
> traffic via UDP ports 500 and 4500 as well as allowing
> ESP (IP protocol 50). Also make sure that the updown
> plugin is loaded by the charon daemon.
> Best regards
> On 01.08.2016 09:21, Sarat Vajrapu wrote:
> > Hi,
> > I am trying a lab setup with IPsec between two nodes.
> > Is there a way where I can send/receive data packets only if ipsec is
> > UP, else just drop the traffic?
> > I tried "leftfirewall" option but it did not help me.
> > Your inputs are highly appreciated.
> > Regards,
> > Sarat
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users