[strongSwan] Remove default policy
Naveen Neelakanta
naveen.b.neelakanta at gmail.com
Thu Mar 24 00:32:27 CET 2016
Hello ,
After adding the below policy rule, i see that the icmp packets where
getting forwarded to net1 and sent out, however the reply was not getting
forwarded back to lan1 interface.
ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 proto icmp dir fwd priority
0 action allow
Thanks,
Naveen
On Tue, Mar 22, 2016 at 8:02 PM, Naveen Neelakanta <
naveen.b.neelakanta at gmail.com> wrote:
> Hello,
>
> Is it possible to configure strongswan not to add the below default
> policy rules.
> I am running strong swan in TEST namespace on linux and i don't see
> the arp working from the root name space to namespace interface. I
> would like to know why ARP between the root namespace and Test
> namespace is not working if i have the below policy rules. i have used
> veth pair to connect namespace and root .
>
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0
> src ::/0 dst ::/0
> socket in priority 0
> src ::/0 dst ::/0
> socket out priority 0
> src ::/0 dst ::/0
> socket in priority 0
> src ::/0 dst ::/0
> socket out priority 0
>
> Thanks,
> Naveen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160323/4839ff9b/attachment.html>
More information about the Users
mailing list