Hello Bernd, Please keep the email thread intact by answering the emails instead of writing new ones from scratch.
Yes, you can use such a kill switch. AFAIK UCI does not support the necessary configuration steps. Just do it the same as on any other Linux. Use swanctl.conf and swanctl. Kind regards Noel Am 06.01.20 um 09:11 schrieb reterverv ercertecrterc: > > > Sorry for double mail and html version. > > I have heard that with strongSwan IPsec drop policies (similar to passthrough > policies) it should be possible to configure a kill switch as with OpenVPN. > > Passtrough policies: > https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples#Passthrough-policy > > Is it possible to block everything with IPsec drop policies and allow only > IPsec IKEv2 traffic? > > And how do I configure this for OpenWRT? > > My last IPsec IKEv2 settings are here: https://wiki.strongswan.org/issues/3291 > > Best regards > > Bernd >
signature.asc
Description: OpenPGP digital signature
