[strongSwan] Support for multiple interfaces(wired, wireless) in strongswan
Noel Kuntze
noel at familie-kuntze.de
Wed Jan 13 11:10:05 CET 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Mahendra,
Charon is only the keying daemon.
Setting "charon.interfaces_ignore" or charon.interfaces_use"only defines the list of interfaces
whose IPs are listened on by charon or not.
The kernel takes care of the traffic. If you want to disable XFRM policies on an interface, then you need to
disable XFRM and policy on that interface. Those are the following sysctl values:
net.ipv4.conf.<interface>.disable_policy
net.ipv4.conf.<interface>.disable_xfrm
Set them to 1 to disable IPsec processing on that interface.
- --
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWliJ5AAoJEDg5KY9j7GZY18QQAJkPB3PCzJfQ0WPLzfHcNX9m
/QQQdIjz9RWQjBrBOzMxdnPA816xLQ5JLmjdOFpJy3RE7WM/upsJLB+CDMyYMy1t
oQGzAWthL1DqYyWrJthfKKihSHmQAo3cKI4EE6uhis60ZjoRyGNH0dao1PjYA+uC
mZ96nProY/xi7xxhiQnSRLYlwwb/wSVOFSo4U/j3vgpljUIgPueFXovewW8adbuN
kPwvhgZ/HihO6pkcZQnk1zbCUBuwdFoRV+5Gj1zNW0+UKhKSTXmuOZJit8Y0TM8P
qYLDFoeYO7Xg+XiXZ0Y7qzv5OF7RQVeQnDs86MElr6128XZ5ghU2zgzdkm/lmEmH
0SvXfM8Afc0raJdtuo4YvSnIEp85n5RGVh79BcG8ss4TwnoTrGEInYL4QyVkm6FA
+vt6IZNCC5UeTMRq7XgN8jBKxTBxXy6eoRe/1vJrDLplp4i0+ZddN5Md1wKK2cx6
lJpeGgQNFuOOy/rp5CRID1RbJZNDywv1ZDUN6xhR1FO04eG8XL5LBDEHoZQRpFi0
UpnAkGPBa04d4C+CeS+lQbW5LvR3KlQi2lxnxDt2gm7dSXt2kB9ssXNo2Qa1ZDwY
qguqYkdh4/2ADG+gP98t1KdFmnbUSo/IIElmVutkHvm/Xtj4M9CdTfPilr3UxPkV
6PCTUv2rh4SYJc7m0dIs
=QXjV
-----END PGP SIGNATURE-----
More information about the Users
mailing list