[strongSwan] Remove default policy

Thomas Egerer hakke_007 at gmx.de
Wed Mar 23 08:23:18 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On March 23, 2016 4:02:48 AM GMT+01:00, Naveen Neelakanta <naveen.b.neelakanta at gmail.com> wrote:
>Hello,
>
>Is it possible to configure strongswan not to add the below default
>policy rules.
>I am running strong swan in TEST namespace on linux and i don't see
>the arp working from the root name space to namespace interface.  I
>would like to know why ARP between the root namespace and Test
>namespace is not working if i have the below policy rules. i have used
>veth pair to connect namespace and root .
>
>src 0.0.0.0/0 dst 0.0.0.0/0
>        socket in priority 0
>src 0.0.0.0/0 dst 0.0.0.0/0
>        socket out priority 0
>src 0.0.0.0/0 dst 0.0.0.0/0
>        socket in priority 0
>src 0.0.0.0/0 dst 0.0.0.0/0
>        socket out priority 0
>src ::/0 dst ::/0
>        socket in priority 0
>src ::/0 dst ::/0
>        socket out priority 0
>src ::/0 dst ::/0
>        socket in priority 0
>src ::/0 dst ::/0
>        socket out priority 0
>
>Thanks,
>Naveen
>_______________________________________________
>Users mailing list
>Users at lists.strongswan.org
>https://lists.strongswan.org/mailman/listinfo/users

These socket policies are essential to charon to bypass the xfrm stack of the kernel. You cannot remove them.


Thomas
- --
Sent from a mobile device. Please excuse my brevity.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQI+BAEBCgAoBQJW8kRlIRxUaG9tYXMgRWdlcmVyIDxoYWtrZV8wMDdAZ214LmRl
PgAKCRBit9TjYqwUxvBVEACdETVLmjCn8xo61I85f6ixlMq9SCYqu2p/xxNZ/J/3
qHdl/6ngqFhVoSaPvI3jXSMjElSlrU3I+AcmHYLyPLDBwXZPLJ91mmn1A6eJCEBq
7Q6jd9Xk5KfnYpzR5gyNyDjoyWXXwfKBwO+3U68wZs4f8nk9BEDIxHLGDQaVoYxu
yBHQqrTM9gKzejk9tHTbaRGdKRsALBngRFhPLW4NCSC6AkGTi1/S/nku8tm40IEu
aV4k3sNN4ivCoYb0ksiqHlzeVs23I3dokpR2NMFtxtW3VUwZUmlngrOjuAntc1M+
dZ3qwOsXknI1diwMZMPRVnjDgGqdAwjtGPy76xLZpkFhVtAdJAweNwhnFtCwo+k/
3JMF0JmE7ZPhYMT7U5eGq+ed5qxEffcFMSNgMZgsObP/HJj1m7+1IAbAon+sc2Lf
cN21Ja9EJ4Wf/E8OleBIRiESmUKvzFH5q+iix5EWJ/U93y1OqDOEIcK+o7yOyiGX
POAfsT43YfYiIS18QCQNtpK3xZNDygUND27/OyoZwMeY3KAqO2AiOonHzI4yACyr
CaN4V/5gmd/zszhIegEC4FgqBd2GfhJP90/Cuk2yTrKMADtNWNes4CXU9juEFHXj
6fOpI98DjB1b2tEctEHL8o2u+HBF876i9blmOzqKwYqmV7W7iIo4LP8H61U6/OeB
xw==
=MF5U
-----END PGP SIGNATURE-----



More information about the Users mailing list