On 23.03.2017 18:17, Thomas Creutz wrote:
> After I revisited my firewall settings in detail, I found my mistake! We
> don't need the custom rules!
>

You actually do, because the remote networks are only trustworthy and reachable (the latter meaning the *actual* network you want to reach), if the packets are IPsec protected. That means, when "-m policy --pol ipsec --dir in" in the iptables rules evaluates to TRUE, but you can't pass that extra match into the zone definition, so it's not secure to just create the zone.

--
Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
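An added example, not part of the original thread: a small audit over `iptables-save` output that lists ACCEPT rules trusting a remote subnet by source address alone, without the `-m policy --dir in --pol ipsec` match discussed in the reply. The sample rules, the subnets and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format; subnets are made-up placeholders.
SAMPLE_RULES = """\
-A INPUT -s 10.2.0.0/24 -j ACCEPT
-A FORWARD -s 10.2.0.0/24 -d 10.1.0.0/24 -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -s 10.2.0.0/24 -d 10.1.0.0/24 -j DROP
-A FORWARD -s 10.2.0.128/25 -m policy --dir in --pol none -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j ACCEPT
"""


def option(tokens, *names):
    """Value of the first non-negated option among names, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names and (i == 0 or tokens[i - 1] != "!"):
            return tokens[i + 1]
    return None


def requires_inbound_ipsec(tokens):
    """True only for '-m policy --dir in --pol ipsec' (negated forms fail)."""
    has_policy = any(a in ("-m", "--match") and b == "policy"
                     for a, b in zip(tokens, tokens[1:]))
    return (has_policy and option(tokens, "--dir") == "in"
            and option(tokens, "--pol") == "ipsec")


def unprotected_accepts(rules_text, remote_net):
    """ACCEPT rules whose source overlaps remote_net without the IPsec match.

    Limitation: rules without an explicit -s, or with a negated one, are skipped.
    """
    remote = ipaddress.ip_network(remote_net)
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] not in ("-A", "--append"):
            continue
        src = option(tokens, "-s", "--source")
        if src is None or option(tokens, "-j", "--jump") != "ACCEPT":
            continue
        if (ipaddress.ip_network(src, strict=False).overlaps(remote)
                and not requires_inbound_ipsec(tokens)):
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in unprotected_accepts(SAMPLE_RULES, "10.2.0.0/24"):
        print("accepts remote-subnet source without IPsec policy match:", rule)
```

Each rule it reports would also accept a cleartext packet that merely carries a source address from the remote subnet.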
