[Openswan Users] OpenSWAN and unencrypted packets

Gunter Ohrner G.Ohrner at post.rwth-aachen.de
Wed Jul 27 14:22:54 CEST 2005


I just transitioned from SuperFreeSWAN 1.99 to OpenSWAN 2.2 and from KLIPS
to Linux's native IPSEC Stack.
The problem I face now is that although an IPSEC SA with a given peer is
established, unencrypted packets from the peer's IP address can still pass
my box.

My impression was that the kernel should swallow these instead?

How can I enforce encrypted communication for a given set / range of IPs?
And pointers to appropriate "Fine Manuals" ;) are appreciated. :-)

I already use dynamic packet filter rules via the updown-script mechanism,
so if the IPSEC SA is removed the route is closed again.



You know what I'd really, really like? What I'd pay MONEY for? A ZX81 
with a disc drive. I *understood* the ZX81. It was so easy to interface 
stuff to it.        -- (Terry Pratchett, alt.fan.pratchett)
*** PGP-Verschlüsselung bei eMails erwünscht :-) *** PGP: 0x1128F25F ***

More information about the Users mailing list