[strongSwan] Support for multiple interfaces(wired, wireless) in strongswan

Rayson Zhu vfreex at gmail.com
Mon Jan 11 09:38:21 CET 2016


Hello Mahendra,
I don't think you can use options charon.interfaces_ignore and
charon.interfaces_use. They are designed to limit interfaces listened
on by strongSwan.
Maybe you can use XFRM marks to let strongSwan discriminate network
traffic from different interfaces.
https://wiki.strongswan.org/projects/strongswan/wiki/Connmark

BR,
Rayson

On Mon, Jan 11, 2016 at 3:20 PM, Mahendra SP <mahendra.sp at gmail.com> wrote:
> Can anyone let me know your inputs for this query ?
>
> Thanks
>
> Mahendra
>
>
> On Wed, Jan 6, 2016 at 4:15 PM, Mahendra SP <mahendra.sp at gmail.com> wrote:
>>
>> Hi all,
>>
>> I found the below link:
>>
>> https://wiki.strongswan.org/issues/185
>>
>> which says "charon always listens on all interfaces". Does this mean we
>> can not enable/disable strongswan IPsec per interface ?
>>
>> Thanks
>> Mahendra
>>
>>
>>
>>
>> On Tue, Jan 5, 2016 at 10:45 PM, Mahendra SP <mahendra.sp at gmail.com>
>> wrote:
>>>
>>> Hi All,
>>>
>>> I am looking into the information regarding support for multiple
>>> interfaces in strongswan.
>>>
>>> If we have a device with multiple interfaces active (wired and wireless)
>>> at the same time, can we have a configuration as below ?
>>>
>>> 1. Can IPsec policy be enabled for wired but not for the wireless ?
>>> 2. If policy is enabled only on wired, can we pass wireless packets
>>> without applying IPsec ?
>>> 3. Can the above be done for both initiator and responder cases?
>>> 4. Is it possible to dynamically enable/disable IPsec for a particular
>>> interface ?
>>>
>>> Can we use options "charon.interfaces_ignore" and "charon.interfaces_use"
>>> to achieve the above use cases ?
>>>
>>> Thanks
>>> Mahendra
>>
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

