Alternative for setkey for strongswan. #2221
Unanswered
gowdamanil
asked this question in
Q&A
Replies: 1 comment 3 replies
-
To do what exactly?
Theoretically, yes. But you generally don't have to manipulate the SPD manually. Policies usually are negotiated as traffic selectors.
Hm, transport mode with a |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello @tobiasbrunner
But is there an alternative for setkey? Can i use ip xfrm for manipulating spd?
src local-IP/24 dst 0.0.0.0/0
dir out priority 2000
tmpl src local-IP dst 0.0.0.0
proto esp reqid 1 mode transport
src local-IP/24 dst 0.0.0.0/0
dir in priority 2000
tmpl src local-IP dst 0.0.0.0
proto esp reqid 1 mode transport
What to use in right and left in swanctl? Because if i use right = 0.0.0.0/0, then the output of ip xfrm policy show is empty. But when i add specific IP, this is seen?
Beta Was this translation helpful? Give feedback.
All reactions