[strongSwan] IPsec drop policies 2

reterverv ercertecrterc bernd1293 at inbox.lv
Sun Jan 12 08:19:05 CET 2020


I have tried these rules in ipsec.conf:
conn dropall

And it blocks everything.

> Set the priorities manually.

I set the priority with any number manually in swanctl.conf, but it didn't work:
connections {
    dropall {
        children {
            dropall {
                local_ts = [%any/%any]
                remote_ts = [%any/%any]
                priority = x  # x = any number
                mode = drop
                start_action = trap
            }
        }
    }
}

> Make sure the permitting policies have a higher one than the restricting ones.

That part I don't understand. How can I check what is restricting, and how can I override it with permitting policies?

Are my rules similar to the kill-switch rules?
