[strongSwan] Exclude protocol from IPsec
noel at familie-kuntze.de
Mon May 22 21:19:07 CEST 2017
Add a passthrough policy for the protocol.
Am 22. Mai 2017 19:09:03 MESZ schrieb Piyush Agarwal <agarwalpiyush at gmail.com>:
>Reading through the left|rightsubnet, it seems like there is no way to
>*exclude* a protocol from getting encrypted?
>I have a host to host tunnel and I want to encrypt everything between
>except ICMP since I'd like to do out-of-tunnel ping/traceroute.
>Prior to using strongswan, I was using racoon where I could use setkey
>manually update the SPD to exclude icmp alone.
>Please advise if there is any way to achieve this with strongswan.
>Life can only be understood backwards; but it must be lived forwards.
Sent from mobile
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users