* ip xfrm policy, dir out vs dir fwd
@ 2019-02-15 10:11 Oleg
From: Oleg @ 2019-02-15 10:11 UTC
To: netdev
Hi, all.

I don't understand why I need to create a dir out policy for transit
IPsec traffic?

For example (conf from 192.168.77.1; it acts as a gateway between the world and
the private network behind 192.168.77.35):

    ip xfrm policy add src 192.168.77.35 dst 0.0.0.0/0 dir fwd tmpl src 192.168.77.35 dst 192.168.77.1 proto esp reqid 1 mode tunnel
    ip xfrm policy add src 0.0.0.0/0 dst 192.168.77.35 dir fwd tmpl src 192.168.77.1 dst 192.168.77.35 proto esp reqid 2 mode tunnel

doesn't work. But:

    ip xfrm policy add src 192.168.77.35 dst 0.0.0.0/0 dir fwd tmpl src 192.168.77.35 dst 192.168.77.1 proto esp reqid 1 mode tunnel
    ip xfrm policy add src 0.0.0.0/0 dst 192.168.77.35 dir out tmpl src 192.168.77.1 dst 192.168.77.35 proto esp reqid 2 mode tunnel

works well.

Maybe somebody can help me with this?

Thanks!

--
Олег Неманов (Oleg Nemanov)
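
Added example, not part of the original message: a Python check run over the two configurations posted above. It relies on how the Linux xfrm stack treats policy directions: only `dir out` policies cause a packet to be transformed (encapsulated), including forwarded packets, while `dir in` and `dir fwd` policies only verify that a received packet was already decapsulated as the template requires. The helper names `parse_policy` and `audit` and the `local_addr` argument are assumptions of this example.

```python
import shlex

# The two configurations exactly as posted in the message above.
NOT_WORKING = """\
ip xfrm policy add src 192.168.77.35 dst 0.0.0.0/0 dir fwd tmpl src 192.168.77.35 dst 192.168.77.1 proto esp reqid 1 mode tunnel
ip xfrm policy add src 0.0.0.0/0 dst 192.168.77.35 dir fwd tmpl src 192.168.77.1 dst 192.168.77.35 proto esp reqid 2 mode tunnel
"""
WORKING = """\
ip xfrm policy add src 192.168.77.35 dst 0.0.0.0/0 dir fwd tmpl src 192.168.77.35 dst 192.168.77.1 proto esp reqid 1 mode tunnel
ip xfrm policy add src 0.0.0.0/0 dst 192.168.77.35 dir out tmpl src 192.168.77.1 dst 192.168.77.35 proto esp reqid 2 mode tunnel
"""

def parse_policy(line):
    """Split an 'ip xfrm policy add' line into direction and tunnel endpoints."""
    tok = shlex.split(line)
    split = tok.index("tmpl")
    sel, tmpl = tok[:split], tok[split:]
    after = lambda part, key: part[part.index(key) + 1]
    return {
        "dir": after(sel, "dir"),
        "selector": (after(sel, "src"), after(sel, "dst")),
        "tunnel": (after(tmpl, "src"), after(tmpl, "dst")),
        "reqid": after(tmpl, "reqid"),
    }

def audit(config, local_addr):
    """Return (reqid, dir, problem) for policies whose direction cannot work.

    local_addr is the tunnel endpoint address of the host being configured
    (an input assumed by this example).
    """
    findings = []
    for line in config.splitlines():
        if not line.startswith("ip xfrm policy add"):
            continue
        p = parse_policy(line)
        tun_src, tun_dst = p["tunnel"]
        if tun_src == local_addr and p["dir"] != "out":
            # This host must encapsulate, but in/fwd policies never transform.
            findings.append((p["reqid"], p["dir"], "encapsulating policy needs dir out"))
        elif tun_dst == local_addr and p["dir"] == "out":
            # This host decapsulates; the check belongs in dir in or dir fwd.
            findings.append((p["reqid"], p["dir"], "decapsulating policy needs dir in/fwd"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("first", NOT_WORKING), ("second", WORKING)):
        print(name, audit(cfg, "192.168.77.1") or "ok")
```

On the gateway 192.168.77.1, the reqid 2 policy has the gateway itself as tunnel source, so it is the encapsulating side and is flagged when placed in `dir fwd`.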