On Fri, 17 Apr 2020, Daniel Thielemann wrote:
> To secure it up completely I would like to ask if there is any way I could apply a "private or drop/hold packet" policy to my vpn configs so that packets are encrypted in ANY case before they leave the box?

If you use auto=ondemand or auto=start, then no unencrypted packets will ever leave the host. The packets will either get encrypted, or dropped.

> I used the parameters already but the shunting

The negotiationshunt/failureshunt is really more meant for mesh encryption deployments, where some nodes might want to fall back to cleartext if a node does not support encryption. These values do not need setting, and should not be set for regular host to host or site to site tunnels.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
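As an added example (not part of the thread and not Libreswan code), the advice above can be turned into a small audit of an ipsec.conf: it flags any conn whose effective auto= is not start or ondemand, and any conn that sets negotiationshunt or failureshunt. The sample configuration, conn names and addresses are constructed, and the parser is a simplification that honours conn %default but does not resolve also= or include lines.

```python
import re

# Constructed sample ipsec.conf for illustration; names and addresses are made up.
SAMPLE_CONF = """\
conn %default
    auto=ondemand

conn site-a
    right=198.51.100.1

conn site-b
    right=198.51.100.2
    failureshunt=passthrough   # mesh-style cleartext fallback

conn site-c
    right=198.51.100.3
    auto=add
"""

ENFORCING_AUTO = {"start", "ondemand"}  # the two values the reply says encrypt or drop
SHUNT_KEYS = ("negotiationshunt", "failureshunt")  # meant for mesh deployments only

def parse_conns(text):
    """Return {conn_name: {key: value}}; 'config' sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        header = re.match(r"(conn|config)\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(2), {}) if header.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def audit(text):
    """Return (conn, offending setting) pairs that go against the thread's advice."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    findings = []
    for name, opts in conns.items():
        eff = {**defaults, **opts}  # conn %default applies unless overridden
        if eff.get("auto") not in ENFORCING_AUTO:
            findings.append((name, "auto=" + eff.get("auto", "<unset>")))
        findings += [(name, f"{k}={eff[k]}") for k in SHUNT_KEYS if k in eff]
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_CONF):
        print(f"{name}: {reason}")
```

On the sample, site-a passes because it inherits auto=ondemand from conn %default, while site-b and site-c are reported.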
