From the documentation[1]:
disable_policy - BOOLEAN
Disable IPSEC policy (SPD) for this interface
disable_xfrm - BOOLEAN
Disable IPSEC encryption on this interface, whatever the policy
[1] https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
On 03.05.2018 00:29, James Smith wrote:
> Can anyone tell me what the effect of disabling policy and xfrm in sysctl
> has? I see that it is done when I create a VTI tunnel or use 0.0.0.0 as a
> traffic selector, but I can't find any documentation as to what it actually
> does.
>
>
>
signature.asc
Description: OpenPGP digital signature
