[Swan] Policy groups
phil.nightowl at gmail.com
Wed Jun 10 09:10:55 UTC 2020
Hi Paul,
> You need to actually have a conn private and a conn clear. Those
> group connections are then instantiated for each CIDR line in
> the policy files clear and private.
>
> Try adding those in a file, eg /etc/ipsec.d/mesh.conf
[ ... ]
Thanks for your response. I added the two conns from your mail verbatim.
After that, the xfrm policies are installed - but only for ssh (according
to /etc/ipsec.d/policies/clear). This corresponds to pluto startup output;
it only says
pluto[12539]: loading group "/etc/ipsec.d/policies/clear",
but does not mention /etc/ipsec.d/policies/private at all (which itself
contains only the line with 10.0.10.240/32). The system in fact
behaves accordingly, transmitting all packets (not only SSH) happily in
clear.
Best regards,
Phil