[strongSwan] IPsec drop policies 2
reterverv ercertecrterc
bernd1293 at inbox.lv
Sun Jan 12 08:19:05 CET 2020
Hello.
I have tried these rules in ipsec.conf:
------------------------------------------
conn dropall
    authby=never
    leftsubnet=0.0.0.0/0[%any/%any]
    rightsubnet=0.0.0.0/0[%any/%any]
    type=drop
    auto=route
-------------------------------------------
And it blocks everything.
> Set the priorities manually.
I set the priority with any number manually in swanctl.conf, but it didn't work:
-----------------------------
connections {
    dropall {
        children {
            dropall {
                local_ts = 0.0.0.0/0[%any/%any]
                remote_ts = 0.0.0.0/0[%any/%any]
                priority = x <-------- x = any number
                mode = drop
                start_action = trap
            }
        }
    }
}
----------------------------
> Make sure the permitting policies have a higher one than the restricting ones.
That part I don't understand. How can I check what restricting is and how can I override it with permitting policies?
Are my rules similar to the kill-switch rules?
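
One way to check which installed policies a drop policy overrides, as an added example that is not part of the original post. It parses a constructed sample in the layout that `ip xfrm policy` prints on Linux and assumes the kernel applies the matching policy with the lowest numeric priority value; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout `ip xfrm policy` prints (not from the post).
SAMPLE = """\
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out action block priority 100 ptype main
src 10.1.0.0/16 dst 10.2.0.0/16
    dir out priority 375423 ptype main
    tmpl src 192.0.2.1 dst 192.0.2.2
src 10.3.0.0/16 dst 10.4.0.0/16
    dir out priority 50 ptype main
    tmpl src 192.0.2.1 dst 192.0.2.3
"""

def parse_policies(text):
    """Return one dict per policy: src, dst, dir, action, priority."""
    policies = []
    for line in text.splitlines():
        m = re.match(r"src (\S+) dst (\S+)", line)  # selector line, unindented
        if m:
            policies.append({"src": ipaddress.ip_network(m[1], strict=False),
                             "dst": ipaddress.ip_network(m[2], strict=False)})
            continue
        m = re.search(r"dir (\w+)(?: action (\w+))? priority (\d+)", line)
        if m and policies:
            # Assumption: no "action" field means the default action, allow.
            policies[-1].update(dir=m[1], action=m[2] or "allow", priority=int(m[3]))
    return policies

def overridden_by_block(policies):
    """Pair each allow policy with a block policy that takes precedence over it.

    Assumption: the lowest priority value wins among matching policies.
    """
    hits = []
    for allow in (p for p in policies if p["action"] == "allow"):
        for block in (p for p in policies if p["action"] == "block"):
            if (block["dir"] == allow["dir"]
                    and block["priority"] < allow["priority"]
                    and block["src"].version == allow["src"].version
                    and allow["src"].subnet_of(block["src"])
                    and allow["dst"].subnet_of(block["dst"])):
                hits.append((allow, block))
    return hits

if __name__ == "__main__":
    for allow, block in overridden_by_block(parse_policies(SAMPLE)):
        print(f'{allow["src"]} -> {allow["dst"]} (priority {allow["priority"]}) '
              f'is overridden by block policy with priority {block["priority"]}')
```

In the sample, the allow policy with priority 375423 is reported as overridden by the catch-all block policy, while the one with priority 50 is not.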