Hi Tobias, Which parameter to configure the specific remote IP address for a connection, so that we can reject the messages from any other IP address? I am assuming we are talking about one of parameter in swanctl.conf.
If we are talking about connections.<conn>.remote_addrs.. I did configure remote_addrs, that does not help in Stronswan to ignore IKE-SA-INIT response from a bogus IPv6 address. Is iptables only way to stop it. Thanks, Rajeev On Wed, May 23, 2018 at 3:42 AM, Tobias Brunner <tob...@strongswan.org> wrote: > Hi Rajeev, > > > I would > > imagine it should be rejected. > > Why? Unless you configure specific remote IP addresses for a connection > there is no reason to reject messages from any IPs. > > Regards, > Tobias >
