[Swan] Policy groups

phil.nightowl at gmail.com
Wed Jun 10 09:10:55 UTC 2020

Hi Paul,

> You need to actually have a conn private and a conn clear. Those
> group connections are then instantiated for each CIDR line in
> the policy files clear and private.
> Try adding those in a file, eg /etc/ipsec.d/mesh.conf

	[ ... ]

thanks for your response. I added the two conns from your mail verbatim. 
After that, the xfrm policies are installed - but only for ssh (according 
to /etc/ipsec.d/policies/clear). This corresponds to pluto startup output; 
it only says

pluto[12539]: loading group "/etc/ipsec.d/policies/clear",

but does not mention /etc/ipsec.d/policies/private at all (which itself 
contains only the line with The system in fact 
behaves accordingly, transmitting all packets (not only SSH) happily in 

Best regards,
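
Added example, not part of the original message or of libreswan: a small check for the symptom described above, where a policy group file exists but pluto never reports loading it. The conn bodies, CIDR entries and function names are constructed placeholders; only the "loading group" log format, the conn names and the policies directory come from the message.

```python
import posixpath
import re

CONN_RE = re.compile(r'^conn[ \t]+(\S+)', re.MULTILINE)
LOAD_RE = re.compile(r'loading group "([^"]+)"')

# Constructed sample data; the conn options and CIDR entries are placeholders.
SAMPLE_CONF = "conn clear\n\t# options elided\n\nconn private\n\t# options elided\n"
SAMPLE_POLICIES = {
    "/etc/ipsec.d/policies/clear": "# constructed entry\n192.0.2.0/24\n",
    "/etc/ipsec.d/policies/private": "# constructed entry\n198.51.100.0/24\n",
}
# Log line shaped like the one quoted in the message.
SAMPLE_LOG = ['pluto[12539]: loading group "/etc/ipsec.d/policies/clear"']


def active_entries(text):
    """Count lines that are neither blank nor '#' comments."""
    return sum(1 for ln in text.splitlines()
               if ln.strip() and not ln.lstrip().startswith("#"))


def group_status(conf_text, policies, log_lines):
    """Map each policy group name to its conn/entries/loaded state."""
    conns = set(CONN_RE.findall(conf_text))
    loaded = {posixpath.basename(path)
              for line in log_lines for path in LOAD_RE.findall(line)}
    status = {}
    for path, text in policies.items():
        name = posixpath.basename(path)
        status[name] = {"has_conn": name in conns,
                        "entries": active_entries(text),
                        "loaded": name in loaded}
    return status


def not_loaded(status):
    """Groups that have entries but that pluto never reported loading."""
    return sorted(n for n, s in status.items()
                  if s["entries"] and not s["loaded"])


if __name__ == "__main__":
    result = group_status(SAMPLE_CONF, SAMPLE_POLICIES, SAMPLE_LOG)
    for name, state in sorted(result.items()):
        print(name, state)
    print("not loaded:", not_loaded(result))
```

A group that appears under "not loaded" while has_conn is true matches the situation in this message: the conn exists, yet traffic that should fall under that group is handled by whatever policy remains.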

