[strongSwan] Route-based VPNs (XFRM Interfaces) vs policies based VPNs

Marco Berizzi pupilla at hotmail.com
Fri Dec 20 17:42:50 CET 2019

Hello everyone,

I need to setup a to ipsec tunnel.
I was thinking to setup it with the new xfrm interfaces:
I don't need route all the throught this vpn.

My question is how 'route based' and 'policies based'
VPNs will coexist on the same linux box.

For example, if I'm going to implement a to vpn with the xfrm interfaces and then I will
route the traffic only for the network
throught the ipsec0 device (for example), and then I
implement a classic policy based vpn (without the xfrm
interface) with the following traffic selectors and, what will happen?
Will the linux kernel process the packets for the and into the right ipsec



More information about the Users mailing list