[strongSwan] Support for multiple interfaces(wired, wireless) in strongswan
Mahendra SP
mahendra.sp at gmail.com
Mon Jan 18 10:01:35 CET 2016
Hi, Thank you for the inputs.
We are planning to use freebsd n/w stack + strongswan. Can we still
control the IPsec per interface in the kernel using the above mentioned
sysctl values ?
The above sysctl values are for controlling the IPsec state per interface
at the kernel level. How about the policy ? Does strongswan provide options
to configure rules per interface? I looked at the strongswan man pages and
didn't find any.
Please let me know your thoughts.
Thanks
Mahendra
On Wed, Jan 13, 2016 at 3:40 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Mahendra,
>
> Charon is only the keying daemon.
> Setting "charon.interfaces_ignore" or charon.interfaces_use"only defines
> the list of interfaces
> whose IPs are listened on by charon or not.
> The kernel takes care of the traffic. If you want to disable XFRM policies
> on an interface, then you need to
> disable XFRM and policy on that interface. Those are the following sysctl
> values:
>
> net.ipv4.conf.<interface>.disable_policy
> net.ipv4.conf.<interface>.disable_xfrm
>
> Set them to 1 to disable IPsec processing on that interface.
>
> - --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJWliJ5AAoJEDg5KY9j7GZY18QQAJkPB3PCzJfQ0WPLzfHcNX9m
> /QQQdIjz9RWQjBrBOzMxdnPA816xLQ5JLmjdOFpJy3RE7WM/upsJLB+CDMyYMy1t
> oQGzAWthL1DqYyWrJthfKKihSHmQAo3cKI4EE6uhis60ZjoRyGNH0dao1PjYA+uC
> mZ96nProY/xi7xxhiQnSRLYlwwb/wSVOFSo4U/j3vgpljUIgPueFXovewW8adbuN
> kPwvhgZ/HihO6pkcZQnk1zbCUBuwdFoRV+5Gj1zNW0+UKhKSTXmuOZJit8Y0TM8P
> qYLDFoeYO7Xg+XiXZ0Y7qzv5OF7RQVeQnDs86MElr6128XZ5ghU2zgzdkm/lmEmH
> 0SvXfM8Afc0raJdtuo4YvSnIEp85n5RGVh79BcG8ss4TwnoTrGEInYL4QyVkm6FA
> +vt6IZNCC5UeTMRq7XgN8jBKxTBxXy6eoRe/1vJrDLplp4i0+ZddN5Md1wKK2cx6
> lJpeGgQNFuOOy/rp5CRID1RbJZNDywv1ZDUN6xhR1FO04eG8XL5LBDEHoZQRpFi0
> UpnAkGPBa04d4C+CeS+lQbW5LvR3KlQi2lxnxDt2gm7dSXt2kB9ssXNo2Qa1ZDwY
> qguqYkdh4/2ADG+gP98t1KdFmnbUSo/IIElmVutkHvm/Xtj4M9CdTfPilr3UxPkV
> 6PCTUv2rh4SYJc7m0dIs
> =QXjV
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160118/830579fc/attachment.html>
More information about the Users
mailing list