Hi Paul,
thank you for the clarification. Then I'll remove these parameters from cfg.
Kind regards,
Daniel
On 19.04.20 at 23:58, Paul Wouters wrote:
> On Fri, 17 Apr 2020, Daniel Thielemann wrote:
>> To secure it up completely I would like to ask if there is any way I
>> could apply a "private or drop/hold packet" policy to my VPN configs
>> so that packets are encrypted in ANY case before they leave the box?
>
> If you use auto=ondemand or auto=start, then no unencrypted packets will
> ever leave the host. The packets will either get encrypted, or dropped.
>
>> I used the parameters already but the shunting
>
> The negotiationshunt/failureshunt is really more meant for mesh
> encryption deployments, where some nodes might want to fall back
> to cleartext if a node does not support encryption. These values
> do not need setting, and should not be set for regular host to host
> or site to site tunnels.
>
> Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan