[strongSwan] IPsec drop policies 2

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Sat Feb 1 23:27:18 CET 2020

Hello Bernd,

I took a look at the data you provided and it looks okay.
Are you connecting to your router from its LAN or over the Internet?
If not, then the packets are caught by the drop policy and you will need a policy for those, too.

You can chain shell commands together as I showed in the command I sent you earlier.
You can use that to do stuff even if the connection is disconnected intermediately.

Kind regards


Am 01.02.20 um 10:28 schrieb reterverv ercertecrterc:
>> It doesn't "stop working". It enforces your configured policies.
> Hello Noel.
> If "swanctl --load-all" enforces my configured policies and does not stop, then how can I start the swanctl.conf after that?
> I can't type anything into the terminal after "swanctl --load-all".
> Look at the picture: https://abload.de/img/swanctlwbk6a.jpg
> Did the output of "swanctl -q ; ip x p ; swanctl -P ; ip route show table all ; ip rule ; iptables-save ; swanctl -u --child dropall" help you?
> Best regards
> Bernd

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200201/3b9ada23/attachment.sig>

More information about the Users mailing list