mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-04 00:00:14 -04:00
e306fa5f73
This is currently only supported on Linux and with the appropriate permissions. Since it's experimental, it's disabled by default. The log messages for each sent and received ESP message are logged in NET like the ones in the socket-default plugin for UDP-encapsulated messages.
15 lines
677 B
Plaintext
15 lines
677 B
Plaintext
charon.plugins.kernel-libipsec.allow_peer_ts = no
|
|
Allow that the remote traffic selector equals the IKE peer.
|
|
|
|
Allow that the remote traffic selector equals the IKE peer. The route
|
|
installed for such traffic (via TUN device) usually prevents further IKE
|
|
traffic. The fwmark options for the _kernel-netlink_ and _socket-default_
|
|
plugins can be used to circumvent that problem.
|
|
|
|
charon.plugins.kernel-libipsec.fwmark = charon.plugins.socket-default.fwmark
|
|
Firewall mark to set on outbound raw ESP packets.
|
|
|
|
charon.plugins.kernel-libipsec.raw_esp = no
|
|
Whether to send and receive ESP packets without UDP encapsulation if
|
|
supported on this platform and no NAT is detected.
|