Set the priorities manually. Make sure the permitting policies have a higher one than the restricting ones.
On 09.01.20 at 03:26, reterverv ercertecrterc wrote:
> Thanks for the answer.
>
> I tried, like with passthrough policies.
>
> First I tried to block and then allow IPsec traffic with:
>
> swanctl.conf:
> -----------------------------
> connections {
>     dropall {
>         children {
>             dropall {
>                 local_ts = 0.0.0.0/0[%any/%any]
>                 remote_ts = 0.0.0.0/0[%any/%any]
>                 mode = drop
>                 start_action = trap
>             }
>         }
>     }
> }
>
> connections {
>     lan-passthrough {
>         children {
>             lan-passthrough {
>                 local_ts = 192.168.1.0/24[udp/50/51/53/500/4500]
>                 remote_ts = 192.168.1.0/24[udp/50/51/53/500/4500]
>                 mode = pass
>                 start_action = trap
>             }
>         }
>     }
> }
> ----------------------------------
>
> It's not working. That's why I need help.
>
> Best regards
>
> Bernd
>
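As an added illustration of the advice at the top of this message (not part of the thread and not the strongSwan project's own example), here is a swanctl.conf sketch that sets the `priority` option explicitly on both a drop and a pass policy. The priority values, the child names `lan-ike` and `lan-natt`, and the single protocol/port selectors are constructed for the example, and it assumes the Linux XFRM backend, where the numerically lower priority value is matched first.

```conf
# Added example, not from the thread. Priority values are constructed.
# Assumption: Linux XFRM backend, where the policy with the numerically
# LOWER priority value wins, so the permitting policy gets the smaller number.
connections {
    dropall {
        children {
            dropall {
                local_ts = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                mode = drop
                start_action = trap
                # Restricting policy: larger value, evaluated after the pass policies.
                priority = 2000
            }
        }
    }
    lan-passthrough {
        children {
            # One protocol/port pair per selector (chosen for illustration).
            lan-ike {
                local_ts = 192.168.1.0/24[udp/500]
                remote_ts = 192.168.1.0/24[udp/500]
                mode = pass
                start_action = trap
                # Permitting policy: smaller value, matched before dropall.
                priority = 1000
            }
            lan-natt {
                local_ts = 192.168.1.0/24[udp/4500]
                remote_ts = 192.168.1.0/24[udp/4500]
                mode = pass
                start_action = trap
                priority = 1000
            }
        }
    }
}
```

After `swanctl --load-conns`, the installed order can be checked with `swanctl --list-pols` and `ip xfrm policy`, which prints the priority of each kernel policy.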
