Replies: 1 comment 1 reply
-
You don't want to define passthrough policies as child sections of a regular connection. Follow the examples. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi Folks,
I'm using strongswan v 5.9.6 and when I'm creating bypass policies using mode= pass the policy is created as protect. You can find as attached file a screenshot showing the policy type.
I would be grateful if you could tell me what was wrong with my following configuration
connections {
vpp2-trex {
local_addrs = 192.168.0.1
remote_addrs = 192.168.0.2
local {
remote {
auth = pubkey
id = moon.strongswan.org
}
children {
vp2-tr {
rekey_time = 54
rekey_bytes = 5000000
rekey_packets= 10000
mode = transport
esp_proposals = aes128gcm128-sha256
inactivity = 60s
}
drop-eth0-default {
local_ts = 0.0.0.0/0
remote_ts = 0.0.0.0/0
interface = eth0
priority = 4
mode = pass
start_action = trap
}
}
version = 2
mobike = no
reauth_time = 10800
proposals = aes128-sha256-x25519
}
}
Beta Was this translation helpful? Give feedback.
All reactions