Thanks for the answer.

I tried, like with passthrough policies.

First I tried to block and then allow IPsec traffic with:

swanctl.conf:
-----------------------------
connections {
    dropall {
        children {
            dropall {
                local_ts = 0.0.0.0/0[%any/%any]
                remote_ts = 0.0.0.0/0[%any/%any]
                mode = drop
                start_action = trap
            }
        }
    }
}

connections {
    lan-passthrough {
        children {
            lan-passthrough {
                local_ts = 192.168.1.0/24[udp/50/51/53/500/4500]
                remote_ts = 192.168.1.0/24[udp/50/51/53/500/4500]
                mode = pass
                start_action = trap
            }
        }
    }
}
----------------------------------

It's not working. That's why I need help.

Best regards

Bernd
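
The traffic selectors in the message above can be checked against the `subnet[proto/port]` form that the swanctl.conf documentation describes for `local_ts` and `remote_ts` (comma-separated list, optional bracketed selector). This checker is an added example, not part of the original message and not strongSwan's own parser; the function names and the simplified grammar it accepts are assumptions.

```python
import ipaddress
import re

TS_RE = re.compile(r"^([^\[\]]+)(?:\[([^\[\]]*)\])?$")   # subnet, optional [selector]
PORT_RE = re.compile(r"^(\d+)(?:-(\d+))?$")              # single port or from-to range
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*$")       # protocol or service name

def check_selector(ts):
    """Return a list of problems for one traffic selector; empty means well-formed."""
    m = TS_RE.match(ts.strip())
    if not m:
        return ["unbalanced or misplaced brackets"]
    net, sel = m.group(1).strip(), m.group(2)
    problems = []
    if net != "dynamic":                       # 'dynamic' stands in for a subnet
        try:
            ipaddress.ip_network(net, strict=False)
        except ValueError:
            problems.append(f"bad subnet {net!r}")
    if sel is None:                            # no [proto/port] part at all
        return problems
    fields = sel.split("/")
    if len(fields) > 2:                        # only one proto and one port fit
        return problems + [f"[{sel}] has {len(fields)} fields, expected proto/port"]
    proto = fields[0]
    port = fields[1] if len(fields) == 2 else "%any"
    if proto not in ("", "%any") and not NAME_RE.match(proto) \
            and not (proto.isdigit() and int(proto) <= 255):
        problems.append(f"bad protocol {proto!r}")
    pm = PORT_RE.match(port)
    if pm:
        lo, hi = int(pm.group(1)), int(pm.group(2) or pm.group(1))
        if hi > 65535 or lo > hi:
            problems.append(f"bad port range {port!r}")
    elif port not in ("", "%any", "%opaque") and not NAME_RE.match(port):
        problems.append(f"bad port {port!r}")
    return problems

def check_ts_list(value):
    """Check a comma-separated local_ts/remote_ts value; map selector -> problems."""
    return {ts.strip(): check_selector(ts) for ts in value.split(",")}

# Sample values: the first two are the selectors from the message above,
# the third is constructed to show one selector per list entry.
SAMPLES = ["0.0.0.0/0[%any/%any]",
           "192.168.1.0/24[udp/50/51/53/500/4500]",
           "192.168.1.0/24[udp/500], 192.168.1.0/24[udp/4500]"]

if __name__ == "__main__":
    for value in SAMPLES:
        for ts, problems in check_ts_list(value).items():
            print(ts, "->", problems or "ok")
```
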
