[Swan] IPSec secure messages.

Paul Wouters paul at nohats.ca
Tue May 14 13:47:03 UTC 2019

On Tue, 14 May 2019, Madhan Raj wrote:

> 2.  I have configured an Ipsec policy on one of my server pointing to other server. but i didn't configure the policies on
> other side to point this server. 
> will network ping be successful?

If you use auto=add, then yes because libreswan would not initiate

If you use auto=ondemand or auto=start, then no because libreswan
will block leaking packets until the IPsec connection is up.

> 3. Will the network between two servers will be intact if the ipsec policies are down ? .i just wanna know if the ping
> command will work at least between two servers ?. 

No, unless you set failureshunt=passthrough, but I would not recommend


More information about the Swan mailing list