[Openswan dev] VPN policy and Protocol selector
david2005.p at gmail.com
Mon Sep 12 14:46:06 CEST 2005
2005/9/7, Paul Wouters <paul at xelerance.com>:
> On Tue, 6 Sep 2005, david wrote:
> >> >> Write a policy of "type=passthrough" for the other protocols.
> >> david> Would this type of policy enable me to not discard the other
> >> david> protocols but also to let them pass outside of the VPN?
> >> Yes.
> >> if you don't discard them, then they will be forwarded in the clear.
> > thx michael
> > This is exactly what I want to do.
> > But I don't know how to write this policy and where (in ipsec.conf ?)
> > Could you give me an example or a URL where I can find it?
> something like:
> conn pass-all-udp
> (17 is the udp protocol number, see /etc/protocols)
So I've configured the ends of the VPN like this:
rightid="C=fr, ST=idf, ....."
Those 2 hosts are directly linked for tests and there is no subnet
behind them. When HostA establishes the VPN with HostB, the VPN
goes up but only ICMP traffic can use it. Other traffic is simply
discarded... and I don't want that.
So what's wrong or missing?