[strongSwan] Rule Priorities Across Connections
Jafar Al-Gharaibeh
jafar at atcorp.com
Thu Oct 5 18:24:51 CEST 2017
Hi,
I know that the most specific rule is applied a given traffic if
multiple overlapping rules exist. But How is the priority determined
when rules are specific in different ways Like the cases below. Not sure
if this is a strongSwan question or a OS Kernel question as it seems
this is more of how the Linux kernel handles it for example, but I hope
someone here can shed some light on this subject.
Example 1:
Connection 1 :
rightsubnet=10.0.0.1/32
Connection 2 :
rightsubnet=10.0.0.0/24[udp]
If a udp packet is going to 10.0.0.1, which connection config will be
use? Does the priority starts with subnet where the most specific subnet
takes precedence before moving to protocols/ports?
What is the priority between the protocols and ports themselves?
Example 2:
Connection 1 :
leftsubnet=10.0.0.1/32
rightsubnet=192.168.0.0/24
Connection 2 :
leftsubnet=10.0.0.0/24
rightsubnet=192.168.0.1/32
For a packet going from 10.0.0.1 to 192.168.0.1, based on the source
connection 1 has higher priority, but based on the destination
connection 2 has a higher priority. How is this handled?
Regards,
Jafar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171005/4dd3488c/attachment.html>
More information about the Users
mailing list