[Openswan Users] How to apply the policy on an interface?

Diego Woitasen diego at woitasen.com.ar
Wed Aug 31 15:39:51 EDT 2011

On Wed, Aug 31, 2011 at 4:12 PM, Diego Woitasen <diego at woitasen.com.ar> wrote:
> Hi,
>  I have an IPSEC setup between two Linux gateways. It's working fine
> except for one thing. I have the subnet on one side and
> on the other side (the headquarters, with several subnets).
> Because I have leftsubnet= and rightsubnet= on
> one of the sides, the SPD has the following entries:
> src dst
>   .....
> src dst
>   .....
> src dst
>   .....
> If I ping from a host in the subnet to the gateway, I
> get no reply. That's clear to me because the policy says that
> security is required for anything that matches
> <-> To prove this, I get the ping working
> with these lines:
> ip xfrm policy add dir in src dst action allow
> ip xfrm policy add dir out src dst action allow
> Now, my question is... is it possible to configure Openswan in a way
> that the policy created after the SAs uses the interface as selector?
> Regards,
>  Diego
> --
> Diego Woitasen

It seems impossible :)

I fixed the problem using ipsec.conf thanks to Letoto (irc) and the
example hub-spoke.conf.

conn netkeybug


Diego Woitasen
