Hi Emeric,

> conn "test PASS"
>     leftsubnet=192.168.120.0/24
>     rightsubnet=192.168.110.0/24
>     auto=route
>     type=passthrough
>     authby=never

This should be drop, not passthrough.

> I see at least two problems:
> - Why do the additional policies are not installed in the kernel? Only the
> refcount are updated?

There should not be any additional policies, but the existing policies should get updated with the new information (like reqids etc.).

> - I'm not sure FreeBSD can handle SP priority? We are using FreeBSD 9.3.

The policies are used internally in the plugin to decide which SA/information should be associated with the policies. Since passthrough policies have a higher priority than IPsec policies the installed policies are not updated, try with type=drop.

Regards,
Tobias
