Re: [strongSwan] manual bypass policy for client-server architecture using transport mode

2016-07-13 Thread Plevin
following strongSwan config:
charon.plugins.allow_swap = no
I'm not sure if one would be expected to make such a change in order to get this bypass scenario to function, but that's what worked for me.
Regards.
Plevin
On 7/12/2016 4:36 AM, Tobias Brunner wrote:
Hi Plevin,
conn client-1

[strongSwan] manual bypass policy for client-server architecture using transport mode

2016-07-11 Thread Plevin
to tcp sport 5001 dir in priority 100 ptype main action allow
sun:
ip xfrm policy add dst 192.168.0.1/32 proto tcp dport 5001 dir out priority 100 ptype main action allow
ip xfrm policy add dst 192.168.0.1/32 proto tcp dport 5001 dir fwd priority 100 p

[strongSwan] libipsec design decision - using NFQUEUE vs virtual interfaces

2016-07-07 Thread Plevin
userspace IPsec datapath stack. No doubt I'm unaware of some of the design constraints, so to simplify the question, I'd ask: "is there any reason one should *not* implement a userspace IPsec stack using Netfilter and NFQUEUEs in combination with strongSwan"? Thank you