> > > As not to get lost: we're still basically trying to get libreswan to
> > > install a xfrm policy with the right source IP (i.e. rw.ii.nn.tt) for the
> > > out direction, so that the policy triggers on the outgoing packets and
> > > sends them through the established tunnel, right?
> >
> > You should have a tunnel policy from 192.0.2.x/32 to srv.ii.nn.tt/32
>
> This is exactly where I am stuck now. With my current config,
> libreswan installs a tunnel policy from rw.pp.uu.bb/32 to srv.ii.nn.tt/32,
> which obviously cannot trigger. And I have no idea why this happens, nor
> what can I do about that.

Sorry to cut in a bit. I have been watching this with interest. I am only a user of ipsec vpn. Is there really a technical possibility that traffic is somehow passing through the tunnel without being encrypted? Is there not some default drop/fail design if there is no encryption?
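
The selector mismatch described in the quoted text, as an added example that is not part of the original thread: a Python check that parses `ip xfrm policy` output and reports whether any `dir out` policy covers a given packet. The dumps and addresses are constructed (203.0.113.5 stands in for rw.pp.uu.bb, 198.51.100.1 for srv.ii.nn.tt, 192.0.2.10 for 192.0.2.x), and the check ignores priority, ports, protocol and policy action.

```python
import ipaddress
import re

# Constructed `ip xfrm policy` output (not from the thread). 203.0.113.5 stands
# in for rw.pp.uu.bb, 198.51.100.1 for srv.ii.nn.tt, 192.0.2.10 for 192.0.2.x.
STUCK = """\
src 203.0.113.5/32 dst 198.51.100.1/32
    dir out priority 1753281 ptype main
    tmpl src 203.0.113.5 dst 198.51.100.1
        proto esp reqid 16389 mode tunnel
src 198.51.100.1/32 dst 203.0.113.5/32
    dir in priority 1753281 ptype main
    tmpl src 198.51.100.1 dst 203.0.113.5
        proto esp reqid 16389 mode tunnel
"""
# Same dump with the selectors the thread expects (inner address as source).
EXPECTED = (STUCK.replace("src 203.0.113.5/32", "src 192.0.2.10/32")
                 .replace("dst 203.0.113.5/32", "dst 192.0.2.10/32"))

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")   # unindented selector line
DIRECTION = re.compile(r"^\s+dir (\w+)")         # indented "dir in|out|fwd" line

def parse_policies(text):
    """Return a list of {'src': network, 'dst': network, 'dir': str} dicts."""
    policies = []
    for line in text.splitlines():
        sel, direction = SELECTOR.match(line), DIRECTION.match(line)
        if sel:
            src, dst = (ipaddress.ip_network(g, strict=False) for g in sel.groups())
            policies.append({"src": src, "dst": dst, "dir": None})
        elif direction and policies:
            policies[-1]["dir"] = direction.group(1)
    return policies

def covering_out_policy(policies, src, dst):
    """Return the first 'out' policy whose selector contains src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == "out" and s in p["src"] and d in p["dst"]:
            return p
    return None

if __name__ == "__main__":
    for name, dump in (("stuck", STUCK), ("expected", EXPECTED)):
        hit = covering_out_policy(parse_policies(dump), "192.0.2.10", "198.51.100.1")
        print(name, "->", "covered by an out policy" if hit else "no out policy matches")
```

A packet that no out policy matches is not sent through the tunnel, which is why the source address in the installed selector matters.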
