[Openswan Users] How to apply the policy on a interface?

Diego Woitasen diego at woitasen.com.ar
Wed Aug 31 15:12:03 EDT 2011

I have an IPSEC setup between two Linux gateways. It's working fine
except for one thing. I have the subnet on one side and on the other side (the headquarters, with several subnets).
Because I have leftsubnet= and rightsubnet= on
one of the sides, the SPD has the following entries:

src dst
src dst
src dst

If I ping from a host in the subnet to the gateway, I
get no reply. That's clear to me because the policy says that
security is required for anything that matches <->. To prove this, I got the ping working
with these lines:

ip xfrm policy add dir in src dst action allow
ip xfrm policy add dir out src dst action allow

Now, my question is... is it possible to configure Openswan in a way
that the policy created after the SAs uses the interface as selector?


Diego Woitasen
