[strongSwan] Question about charon.interfaces_ignore/charon.interfaces_use
tobias at strongswan.org
Wed Sep 28 17:37:49 CEST 2016
> I'm trying to configure StrongSwan on a Linux platform that has three
> interfaces (for simplicity, I'll call them a, b, and c). I only want to
> do IPsec on interface a and I want interfaces b and c to be unaffected.
> In the strongswan.conf file I added the line interfaces_ignore = b,c to
> the charon subsection. However, I am seeing that traffic going to
> interfaces b and c are still attempting to negotiate IPsec. Conversely,
> I tried interfaces_use = a and still saw the same result.
Are IPs on interfaces b and c listed in `ipsec statusall`? If you
increase the log level for the knl subsystem, do you see interfaces b
and c and their IPs listed when the daemon starts? Also, if you
increase the log level for the net subsystem to 3 there should be a
message logged if a packet is dropped because it was addressed to an IP
on an ignored interface.
More information about the Users