[strongSwan] Stronswan to ignore IKE-SA-INIT response from a bogus IPv6 address
rajeev nohria
rajnohria at gmail.com
Tue Jun 26 10:42:52 CEST 2018
Hi Tobias,
Which parameter to configure the specific remote IP address for a
connection, so that we can reject the messages from any other IP address?
I am assuming we are talking about one of parameter in swanctl.conf.
If we are talking about connections.<conn>.remote_addrs..
I did configure remote_addrs, that does not help in Stronswan to ignore
IKE-SA-INIT response from a bogus IPv6 address. Is iptables only way to
stop it.
Thanks,
Rajeev
On Wed, May 23, 2018 at 3:42 AM, Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Rajeev,
>
> > I would
> > imagine it should be rejected.
>
> Why? Unless you configure specific remote IP addresses for a connection
> there is no reason to reject messages from any IPs.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180626/c3102057/attachment.html>
More information about the Users
mailing list