[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] swanctl and bypass/shunt policies
From: Noel Kuntze <noel () familie-kuntze ! de>
Date: 2014-08-19 18:13:45
Message-ID: 53F393D9.8040103 () familie-kuntze ! de
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Volker,
Nice, thank you!
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 19.08.2014 um 17:19 schrieb Volker RĂ¼melin:
>
>> Did anyone already write a bypass/shunt policy with swanctl?
>> If so, I'd like to see one as an example.
>>
>>
> Hi Noel,
>
> # ip xfrm pol
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0 ptype main
> src ::/0 dst ::/0
> socket in priority 0 ptype main
> src ::/0 dst ::/0
> socket out priority 0 ptype main
> src ::/0 dst ::/0
> socket in priority 0 ptype main
> src ::/0 dst ::/0
> socket out priority 0 ptype main
> # cat /etc/swanctl/swanctl.conf
> connections {
> swanctl-home-online-ipv6 {
> local {
> }
> children {
> sho-ipv6 {
> mode = pass
> local_ts = 212.x.x.x/32[ipv6]
> remote_ts = 87.y.y.y/32[ipv6]
> }
> }
> }
> }
> # swanctl -c
> loaded connection 'swanctl-home-online-ipv6'
> successfully loaded 1 connections, 0 unloaded
> # swanctl --install -c sho-ipv6
> install completed successfully
> # ip xfrm pol
> src 87.y.y.y/32 dst 212.x.x.x/32 proto ipv6
> dir fwd priority 1282 ptype main
> src 87.y.y.y/32 dst 212.x.x.x/32 proto ipv6
> dir in priority 1282 ptype main
> src 212.x.x.x/32 dst 87.y.y.y/32 proto ipv6
> dir out priority 1282 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0 ptype main
> src ::/0 dst ::/0
> socket in priority 0 ptype main
> src ::/0 dst ::/0
> socket out priority 0 ptype main
> src ::/0 dst ::/0
> socket in priority 0 ptype main
> src ::/0 dst ::/0
> socket out priority 0 ptype main
>
> Sorry, I used the wrong email account in my first email.
>
> Regards,
> Volker
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJT85PZAAoJEDg5KY9j7GZYDcUQAJWRUnPyXSByGyxA6MOkaeh9
NNfSGd+qeZ5CKJapQRapOeZCpIj0QxAwQO3KvxY8br5pDm2qDq320Jiv+4OK3Axf
k7KdopicHtMuT1U7g3tWdBJDI5ATWxKxTFv7IOLp4h09BKx+tXoad3LlFDAuYon6
LVRROGVdcRvtl2kk1fTVkOQogrEdb/JY6klKsNAUdVb2v0KvM7NkFXsTDAW2v/6l
duhwsesB6TWXem69rn0cyHS57RnBldeKdMm21yhVQCzE3fh5ROAm/uI8gzB+muXL
Rnt25HG1DmutWiVy8C47secVJfSz02pXJLtLh8rHvyMroVlalsATqtBciGjUrug4
v1Ulq7zD7lags5onLGnwXxVG6ANiqV4Re6hzekVITNBsASC7OwHyqXnuAhzWds88
wfptpRfj5eSwCuYSB6IfyGFXT4uuS0gcbZHcmaaj8cvvvrygyu33r+k5VHVgDbaU
pu3kz6Kv8MTcHu5/DJvZY75qAaadbF4TDUV9NxBH9rOVGxxq8llWsJDbqnQsZ7tG
nEAYooQIBCLsha7tg1WkqrFpgJFEmi/wemH1KWRVFijN5oGC0lfD2zkfnQgM+dvd
uiJT+LTZuFco+cIiBj2JPEC5hbSNJtR9GStQtNcZHMpMaptQip/yT7HzucuNs+pN
kOQ/XCUWREgwenQlkwVL
=KOFl
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic