> Is it possible to select specific type like type 135 (Neighbor > Solicitation) to be encrypted/bypass?
ICMP subtypes can be specified as a port in leftprotoport, i.e. icmp/8 will encapsulate ICMPv4 echo requests only. I haven't tested this extensively, though, and I'm not sure if this works for IPv6. Unlike in the IKEv1 daemon, we currently do not support bypass policies in IKEv2. But you may install such a bypass policy manually using "ip xfrm". Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
