[Openswan Users] OpenSWAN and unencrypted packets
Gunter Ohrner
G.Ohrner at post.rwth-aachen.de
Wed Jul 27 14:22:54 CEST 2005
Hi!

I just transitioned from SuperFreeSWAN 1.99 to OpenSWAN 2.2 and from KLIPS
to Linux's native IPSEC Stack.

The problem I face now is that although an IPSEC SA with a given peer is
established, unencrypted packets from the peer's IP address can still pass
my box.

My impression was that the kernel should swallow these instead?

How can I enforce encrypted communication for a given set / range of IPs?
And pointers to appropriate "Fine Manuals" ;) are appreciated. :-)

I already use dynamic packet filter rules via the updown-script mechanism,
so if the IPSEC SA is removed the route is closed again.

Greetings,

Gunter
--
You know what I'd really, really like? What I'd pay MONEY for? A ZX81
with a disc drive. I *understood* the ZX81. It was so easy to interface
stuff to it. -- (Terry Pratchett, alt.fan.pratchett)
*** PGP encryption for e-mails welcome :-) *** PGP: 0x1128F25F ***