Hi Paul,

> You need to actually have a conn private and a conn clear. Those
> group connections are then instantiated for each CIDR line in
> the policy files clear and private.
>
> Try adding those in a file, eg /etc/ipsec.d/mesh.conf

[ ... ]

thanks for your response. I added the two conns from your mail verbatim. After that, the xfrm policies are installed - but only for ssh (according to /etc/ipsec.d/policies/clear). This corresponds to pluto startup output; it only says pluto[12539]: loading group "/etc/ipsec.d/policies/clear", but does not mention /etc/ipsec.d/policies/private at all (which itself contains only the line with 10.0.10.240/32). The system in fact behaves accordingly, transmitting all packets (not only SSH) happily in clear.

Best regards,
Phil

_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan