Hello,
I am using opportunistic mode and was looking for a way to exclude IPs from the
policy files, but couldn’t make it work.
Is IP exclusion supported?

# rpm -qa | grep libreswan
libreswan-5.3-1.0.1.el8.x86_64

# cat /etc/ipsec.d/stre*.conf
conn private-or-clear-3
    type=transport
    auto=route
    ikev2=insist
    nic-offload=packet
    negotiationshunt=passthrough
    failureshunt=passthrough
    authby=null
    rightid=%null
    leftid=%null
    right=%opportunisticgroup
    left=192.200.9.9
    rekeyfuzz=20%

conn private-or-clear-4
    type=transport
    auto=route
    ikev2=insist
    nic-offload=packet
    negotiationshunt=passthrough
    failureshunt=passthrough
    authby=null
    rightid=%null
    leftid=%null
    right=%opportunisticgroup
    left=192.200.9.10
    rekeyfuzz=20%

# cat /etc/ipsec.d/policies/private-or-clear-4
192.200.9.0/24
!192.200.9.9

# cat /etc/ipsec.d/policies/private-or-clear-3
192.200.9.0/24
!192.200.9.10

Thanks