Hi Tobias,
Which parameter to configure the specific remote IP address for a
connection, so that we can reject the messages from any other IP address?
I am assuming we are talking about one of parameter in swanctl.conf.
If we are talking about connections..remote_addrs..
I did configure
Hi Rajeev,
> I would
> imagine it should be rejected.
Why? Unless you configure specific remote IP addresses for a connection
there is no reason to reject messages from any IPs.
Regards,
Tobias
:cada:c406::200[C=US, O=CableLabs,
CN=00:01:5c:96:16:00]
15[IKE] scheduling rekeying in 13604s
15[IKE] maximum IKE_SA lifetime 15044s
On Tue, May 22, 2018 at 9:08 AM, Tobias Brunner <tob...@strongswan.org>
wrote:
> Hi Rajeev,
>
> > Is there way to Stronswan to ignore IKE-SA-INIT response from a bogus
> > IPv6 address? Strongswan replies to all the IKE-SA-INIT receive from all
> > IP addresses.
>
> Use iptables.
>
> Regards,
> Tobias
>
Hi Rajeev,
> Is there way to Stronswan to ignore IKE-SA-INIT response from a bogus
> IPv6 address? Strongswan replies to all the IKE-SA-INIT receive from all
> IP addresses.
Use iptables.
Regards,
Tobias
I use Davici Interface with Strongswan 5.5
Is there way to Stronswan to ignore IKE-SA-INIT response from a bogus IPv6
address? Strongswan replies to all the IKE-SA-INIT receive from all IP
addresses.
thanks,
Rajeev