[strongSwan] Route-based VPNs (XFRM Interfaces) vs policies based VPNs

Marco Berizzi pupilla at hotmail.com
Fri Dec 20 17:42:50 CET 2019


Hello everyone,

I need to set up a 0.0.0.0/0 to 0.0.0.0/0 IPsec tunnel.
I was thinking of setting it up with the new XFRM interfaces:
I don't need to route all of 0.0.0.0/0 through this VPN.

My question is how 'route-based' and 'policy-based'
VPNs will coexist on the same Linux box.

For example, if I'm going to implement a 0.0.0.0/0 to
0.0.0.0/0 VPN with the XFRM interfaces and then I will
route the traffic only for the 155.192.168.0/24 network
through the ipsec0 device (for example), and then I
implement a classic policy-based VPN (without the XFRM
interface) with the following traffic selectors
166.172.16.0/24 and 177.16.172.0/24, what will happen?
Will the Linux kernel match the packets for
166.172.16.0/24 and 177.16.172.0/24 to the right IPsec
policy?

Thanks

Marco
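An added example (not from the original post or the strongSwan project) of how the two connections described above can sit side by side in one swanctl.conf: the route-based connection carries if_id_in/if_id_out, so the kernel applies its 0.0.0.0/0 policies only to packets routed through the XFRM interface with that ID, while the policy-based connection has no if_id and is matched on its traffic selectors alone. The interface ID 42, the peer addresses and PSK authentication are assumptions, and the matching secrets section is left out.

```shell
# Added example, not from the original post or the strongSwan project.
# Assumed: interface ID 42, peer addresses, PSK auth (secrets section omitted).
IF_ID=42
write_swanctl_conf() {   # $1 = path to write
  cat > "$1" <<EOF
connections {
  # route-based 0.0.0.0/0 <-> 0.0.0.0/0; if_id ties its policies to ipsec0
  rb-any {
    remote_addrs = 198.51.100.1
    if_id_in = $IF_ID
    if_id_out = $IF_ID
    local {
      auth = psk
    }
    remote {
      auth = psk
    }
    children {
      any {
        local_ts = 0.0.0.0/0
        remote_ts = 0.0.0.0/0
      }
    }
  }
  # policy-based; no if_id, so only its traffic selectors decide
  pb-lan {
    remote_addrs = 203.0.113.1
    local {
      auth = psk
    }
    remote {
      auth = psk
    }
    children {
      lan {
        local_ts = 166.172.16.0/24
        remote_ts = 177.16.172.0/24
      }
    }
  }
}
EOF
}
# Creates ipsec0 bound to if_id 42 and routes only 155.192.168.0/24 through it;
# commands are printed, not run, so no root is needed to inspect them.
xfrm_if_commands() {     # $1 = underlying device, e.g. eth0
  printf '%s\n' \
    "ip link add ipsec0 type xfrm dev $1 if_id $IF_ID" \
    "ip link set ipsec0 up" \
    "ip route add 155.192.168.0/24 dev ipsec0"
}
```

Traffic for 166.172.16.0/24 never takes the ipsec0 route, so it reaches the policy lookup without an interface ID and can only hit the pb-lan policies; packets sent via ipsec0 are looked up with ID 42 and hit only rb-any.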

