[strongSwan] Route-based VPNs (XFRM Interfaces) vs policies based VPNs
pupilla at hotmail.com
Fri Dec 20 17:42:50 CET 2019
I need to setup a 0.0.0.0/0 to 0.0.0.0/0 ipsec tunnel.
I was thinking to setup it with the new xfrm interfaces:
I don't need route all the 0.0.0.0/0 throught this vpn.
My question is how 'route based' and 'policies based'
VPNs will coexist on the same linux box.
For example, if I'm going to implement a 0.0.0.0/0 to
0.0.0.0/0 vpn with the xfrm interfaces and then I will
route the traffic only for the 188.8.131.52/24 network
throught the ipsec0 device (for example), and then I
implement a classic policy based vpn (without the xfrm
interface) with the following traffic selectors
184.108.40.206/24 and 220.127.116.11/24, what will happen?
Will the linux kernel process the packets for the
18.104.22.168/24 and 22.214.171.124/24 into the right ipsec
More information about the Users