Thanks Martin. I can't block that interface since it is the one that I use to convey control messages. I wanted to decouple it to prevent sending N(ADDITIONAL_IP_ADDRESSES) containing that useless interface.

On the other hand, I've noticed that duplicate messages are sent when updating secondary addresses (some interface is activated):

May 5 14:49:30 05[KNL] *interface eth1 activated*
May 5 14:49:31 10[IKE] sending address list update using MOBIKE
May 5 14:49:31 10[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) N(ADD_4_ADDR) ]
May 5 14:49:31 10[NET] sending packet: from 192.168.200.20[4500] to 192.168.100.10[4500]
May 5 14:49:31 13[NET] received packet: from 192.168.100.10[4500] to 192.168.200.20[4500]
May 5 14:49:31 13[ENC] parsed INFORMATIONAL response 2 [ ]
May 5 14:49:32 05[KNL] *fe80::fcfd:ff:fe00:301 appeared on eth1*
May 5 14:49:32 14[IKE] sending address list update using MOBIKE
May 5 14:49:32 14[ENC] generating INFORMATIONAL request 3 [ N(ADD_4_ADDR) N(ADD_4_ADDR) ]
May 5 14:49:32 14[NET] sending packet: from 192.168.200.20[4500] to 192.168.100.10[4500]
May 5 14:49:32 08[NET] received packet: from 192.168.100.10[4500] to 192.168.200.20[4500]
May 5 14:49:32 08[ENC] parsed INFORMATIONAL response 3 [ ]

I'm using *ifconfig ethX down* to disable interfaces and *ifup --force ethX* to activate them, since if I activate them with ifconfig up the routing table is removed. My scenario is composed of an initiator (roadwarrior) and a responder connected by another host that acts as a router.

Best Regards

On 5 May 2011 14:47, Martin Willi <[email protected]> wrote:
> Hi,
>
> > I'm using StrongSWAN and I'd need to bind some interfaces to IPsec and
> > not all of them. Is there any option to obtain this behavior?
>
> No, binding to specific interfaces is currently not supported. Linux
> handles ESP traffic independent from interfaces. For IKE, the daemon
> currently binds on all interfaces. You could use firewalling to
> block/allow IKE/ESP traffic on selected interfaces.
>
> Regards
> Martin

_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
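
Added example, not part of the original message and not strongSwan code: a Python script that reads charon log lines like those quoted above, pairs each MOBIKE address list update with the kernel event logged just before it, and flags updates whose notify payload types repeat the previous update. The sample lines are constructed from the quoted log with the emphasis asterisks removed; the function names and the "most recent KNL line is the trigger" heuristic are assumptions, and the comparison is on payload types only because the log does not show the addresses carried.

```python
import re

# Constructed sample: the ENC/IKE/KNL lines from the quoted log, asterisks removed.
SAMPLE_LOG = """\
May 5 14:49:30 05[KNL] interface eth1 activated
May 5 14:49:31 10[IKE] sending address list update using MOBIKE
May 5 14:49:31 10[ENC] generating INFORMATIONAL request 2 [ N(ADD_4_ADDR) N(ADD_4_ADDR) ]
May 5 14:49:31 13[ENC] parsed INFORMATIONAL response 2 [ ]
May 5 14:49:32 05[KNL] fe80::fcfd:ff:fe00:301 appeared on eth1
May 5 14:49:32 14[IKE] sending address list update using MOBIKE
May 5 14:49:32 14[ENC] generating INFORMATIONAL request 3 [ N(ADD_4_ADDR) N(ADD_4_ADDR) ]
May 5 14:49:32 08[ENC] parsed INFORMATIONAL response 3 [ ]
"""

# "<month> <day> <time> <thread>[<group>] <text>"
LINE = re.compile(r"^(\w+ +\d+ [\d:]+) (\d+)\[(\w+)\] (.*)$")
REQUEST = re.compile(r"generating INFORMATIONAL request (\d+) \[(.*)\]")

def address_updates(log):
    """One dict per MOBIKE address list update: message id, notify payload
    types, and the kernel event logged most recently before it (heuristic)."""
    updates, trigger, pending = [], None, set()
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, thread, group, text = m.groups()
        if group == "KNL":
            trigger = text                      # remember the latest kernel event
        elif group == "IKE" and "address list update" in text:
            pending.add(thread)                 # this thread will build the request
        elif group == "ENC" and thread in pending:
            req = REQUEST.search(text)
            if req:
                pending.discard(thread)
                updates.append({"id": int(req.group(1)),
                                "payloads": req.group(2).split(),
                                "trigger": trigger})
    return updates

def redundant_updates(updates):
    """Message ids whose payload type list equals the previous update's."""
    return [cur["id"] for prev, cur in zip(updates, updates[1:])
            if cur["payloads"] == prev["payloads"]]

if __name__ == "__main__":
    ups = address_updates(SAMPLE_LOG)
    for u in ups:
        print(u["id"], u["payloads"], "<-", u["trigger"])
    print("redundant:", redundant_updates(ups))
```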
