[strongSwan] fail open mode for strongswan
Andreas Steffen
andreas.steffen at strongswan.org
Tue Feb 9 20:52:59 CET 2016
Hi Matthew,
actually the default policy settings of the Linux kernel will
transmit all communications not matched by an IPsec policy in the
clear.
Regards
Andreas
On 02/09/2016 07:23 PM, Matthew Boedicker wrote:
> Are there any configuration settings that can make strongswan "fail
> open" when in host-to-host transport mode? It would try to negotiate an
> encrypted connection but fall back to communicating in the clear if the
> encryption failed for some reason.
>
> Thanks.
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160209/ac6c170b/attachment.bin>
More information about the Users
mailing list