[strongSwan] IPsec drop policies 2

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Jan 8 21:13:50 CET 2020


Hello Bernd,

Please keep the email thread intact by answering the emails instead of writing new ones from scratch.

Yes, you can use such a kill switch. AFAIK UCI does not support the necessary configuration steps. Just do it the same as on any other Linux.
Use swanctl.conf and swanctl.

Kind regards

Noel

On 06.01.20 at 09:11, reterverv ercertecrterc wrote:
>  
>  
> Sorry for double mail and html version.
> 
> I have heard that with strongSwan IPsec drop policies (similar to passthrough policies) it should be possible to configure a kill switch as with OpenVPN.
> 
> Passthrough policies: https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples#Passthrough-policy
> 
> Is it possible to block everything with IPsec drop policies and allow only IPsec IKEv2 traffic?
> 
> And how do I configure this for OpenWRT?
> 
> My last IPsec IKEv2 settings are here: https://wiki.strongswan.org/issues/3291
> 
> Best regards
> 
> Bernd
> 
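
A sketch of the swanctl.conf approach mentioned in the reply, as an added example that is not from the thread or the strongSwan project: a shunt-only connection with a drop child covering all traffic and a pass child for the local LAN. The connection and child names, the 192.168.1.0/24 subnet and the use of 127.0.0.1 as a dummy remote address are assumptions, and the existing IKEv2 connection is assumed to be defined separately in the same file.

```conf
# /etc/swanctl/swanctl.conf (added example; names and subnets are placeholders)
connections {

    # The existing IKEv2 tunnel connection is defined elsewhere in this
    # section and is left unchanged.

    # Shunt-only connection: it never negotiates IKE, it only carries
    # the pass and drop policies below.
    killswitch {
        # Dummy peer address (assumption); no SA is ever established to it.
        remote_addrs = 127.0.0.1

        children {
            # Keep LAN-to-LAN traffic (e.g. router management) out of IPsec
            # processing. Adjust to the real LAN subnet.
            lan-pass {
                local_ts  = 192.168.1.0/24
                remote_ts = 192.168.1.0/24
                mode = pass
                # trap installs the policy as soon as the config is loaded
                start_action = trap
            }

            # Kill switch: traffic that matches no tunnel or pass policy
            # is dropped instead of leaving in the clear.
            # Assumption: IKE packets sent by the daemon itself are not
            # subject to this policy; verify on the target system.
            drop-all {
                local_ts  = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                mode = drop
                start_action = trap
            }
        }
    }
}
```

After `swanctl --load-all`, `ip xfrm policy` lists the installed policies with their priorities, which is where to confirm that the tunnel's policies take precedence over the drop policy. Test with the tunnel both up and down from a console session, since a wrong selector in the drop child can cut off remote access to the router.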
