[strongSwan] Support for multiple interfaces(wired, wireless) in strongswan

Mahendra SP mahendra.sp at gmail.com
Wed Jan 20 14:07:13 CET 2016


Hi All,

Can anyone let me know your inputs for this query ?

Thanks

Mahendra


On Mon, Jan 18, 2016 at 2:01 AM, Mahendra SP <mahendra.sp at gmail.com> wrote:

> Hi, Thank you for the inputs.
>
> We are planning to use freebsd n/w stack + strongswan.  Can we still
> control the IPsec per interface in the kernel using the above mentioned
> sysctl values ?
>
> The above sysctl values are for controlling the IPsec state per interface
> at the kernel level. How about the policy ? Does strongswan provide options
> to configure rules per interface? I looked at the strongswan man pages and
> didn't find any.
>
> Please let me know your thoughts.
>
> Thanks
> Mahendra
>
> On Wed, Jan 13, 2016 at 3:40 PM, Noel Kuntze <noel at familie-kuntze.de>
> wrote:
>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hello Mahendra,
>>
>> Charon is only the keying daemon.
>> Setting "charon.interfaces_ignore" or charon.interfaces_use"only defines
>> the list of interfaces
>> whose IPs are listened on by charon or not.
>> The kernel takes care of the traffic. If you want to disable XFRM
>> policies on an interface, then you need to
>> disable XFRM and policy on that interface. Those are the following sysctl
>> values:
>>
>> net.ipv4.conf.<interface>.disable_policy
>> net.ipv4.conf.<interface>.disable_xfrm
>>
>> Set them to 1 to disable IPsec processing on that interface.
>>
>> - --
>>
>> Mit freundlichen Grüßen/Kind Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>>
>> iQIcBAEBCAAGBQJWliJ5AAoJEDg5KY9j7GZY18QQAJkPB3PCzJfQ0WPLzfHcNX9m
>> /QQQdIjz9RWQjBrBOzMxdnPA816xLQ5JLmjdOFpJy3RE7WM/upsJLB+CDMyYMy1t
>> oQGzAWthL1DqYyWrJthfKKihSHmQAo3cKI4EE6uhis60ZjoRyGNH0dao1PjYA+uC
>> mZ96nProY/xi7xxhiQnSRLYlwwb/wSVOFSo4U/j3vgpljUIgPueFXovewW8adbuN
>> kPwvhgZ/HihO6pkcZQnk1zbCUBuwdFoRV+5Gj1zNW0+UKhKSTXmuOZJit8Y0TM8P
>> qYLDFoeYO7Xg+XiXZ0Y7qzv5OF7RQVeQnDs86MElr6128XZ5ghU2zgzdkm/lmEmH
>> 0SvXfM8Afc0raJdtuo4YvSnIEp85n5RGVh79BcG8ss4TwnoTrGEInYL4QyVkm6FA
>> +vt6IZNCC5UeTMRq7XgN8jBKxTBxXy6eoRe/1vJrDLplp4i0+ZddN5Md1wKK2cx6
>> lJpeGgQNFuOOy/rp5CRID1RbJZNDywv1ZDUN6xhR1FO04eG8XL5LBDEHoZQRpFi0
>> UpnAkGPBa04d4C+CeS+lQbW5LvR3KlQi2lxnxDt2gm7dSXt2kB9ssXNo2Qa1ZDwY
>> qguqYkdh4/2ADG+gP98t1KdFmnbUSo/IIElmVutkHvm/Xtj4M9CdTfPilr3UxPkV
>> 6PCTUv2rh4SYJc7m0dIs
>> =QXjV
>> -----END PGP SIGNATURE-----
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160120/a9c01680/attachment.html>


More information about the Users mailing list