[strongSwan] Exclude protocol from IPsec

Noel Kuntze noel at familie-kuntze.de
Mon May 22 21:19:07 CEST 2017


Add a passthrough policy for the protocol.

Am 22. Mai 2017 19:09:03 MESZ schrieb Piyush Agarwal <agarwalpiyush at gmail.com>:
>Hi,
>Reading through the left|rightsubnet, it seems like there is no way to
>*exclude* a protocol from getting encrypted?
>
>I have a host to host tunnel and I want to encrypt everything between
>these
>except ICMP since I'd like to do out-of-tunnel ping/traceroute.
>
>Prior to using strongswan, I was using racoon where I could use setkey
>to
>manually update the SPD to exclude icmp alone.
>
>Please advise if there is any way to achieve this with strongswan.
>
>Thanks.
>
>-- 
>Piyush Agarwal
>Life can only be understood backwards; but it must be lived forwards.

-- 
Sent from mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170522/e084f72a/attachment.html>


More information about the Users mailing list