Sebastian,

> But what is the purpose of IPsec IN policy?

The IN policy allows you to limit the traffic to a given selector for encrypted packets coming over a tunnel. If you want to restrict incoming traffic to certain ports or protocols, the IN policy takes care of filtering that. According to your tests it seems that Linux accepts incoming traffic if no policy exists for an SA, but an existing policy would allow you to limit traffic allowed for that tunnel.

Regards
Martin

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
