LinuxQuestions.org


vishalwithme 04-04-2012 05:32 AM

Strongswan - IPsec tunnel - can we have one way tunnel
 
Hi All,

Being a newbie, I have a basic question related to IPsec tunnel creation.
Taking an example: I have 2 hosts, host 1 and host 2.
Now I have created the tunnel properly from host 1 -> host 2

but on host 2 ipsec tunnel is not started yet or not configured.

Can I have one-way communication from host 1 to host 2?
host 1 has one way started tunnel.

or is this not possible in ipsec scenario?

Thanks in advance.

Regards,
~Vishal

nikmit 04-04-2012 09:20 AM

Can't happen. The other host has to 'agree' about the tunnel :)

vishalwithme 04-04-2012 09:26 AM

Hello Nikmit,

Thanks a lot for your time and reply.
What if host 2 doesn't want to communicate with host 1?
I mean, what if the requirement is for only host 1 -> host 2 secure communication and not the reverse?

Regards,
~vishal

nikmit 04-04-2012 09:44 AM

Well, communication has to be bidirectional if it is communication at all.
Otherwise you are just flooding their interface with packets they most likely drop. Reminds me of a DoS attack.

With a VPN tunnel - you can encrypt packets all you want, if the other side doesn't know how to decrypt them they will get dropped. It is not a one-way tunnel, it is a waste of bandwidth :)

For a one-way tunnel to exist, you have to configure both hosts correctly, and then use iptables or routing to make sure only one side can send traffic through.
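
The iptables restriction described in the reply above, as an added example that is not part of the original thread: it prints the rules for host 2 so that only host 1 can open connections through the tunnel, while IKE and ESP still pass both ways. It assumes the tunnel is already configured on both hosts, reads "one way" as "only host 1 may initiate" (replies are allowed via conntrack), and uses constructed sample addresses; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: prints the iptables rules for host 2 so they can be reviewed
# before being applied (pipe the output to `sh` as root to apply them).
# Assumption: the IPsec tunnel is already up between both hosts.

one_way_rules() {
    h1=$1   # host 1: the only side allowed to open connections
    h2=$2   # host 2: the host these rules are installed on

    # IKE (UDP 500), NAT-T (UDP 4500) and ESP must pass in BOTH directions,
    # otherwise the tunnel cannot be negotiated or carry any packets at all.
    for chain_dir in "INPUT -s $h1 -d $h2" "OUTPUT -s $h2 -d $h1"; do
        echo "iptables -A $chain_dir -p udp -m multiport --dports 500,4500 -j ACCEPT"
        echo "iptables -A $chain_dir -p esp -j ACCEPT"
    done

    # Inbound: accept traffic from host 1 only if it was decrypted by IPsec.
    echo "iptables -A INPUT -s $h1 -d $h2 -m policy --dir in --pol ipsec -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Anything else from host 1 arrived in cleartext: drop it.
    echo "iptables -A INPUT -s $h1 -d $h2 -j DROP"

    # Outbound: host 2 may only answer connections host 1 opened, and only
    # when the packet will be protected by an IPsec policy.
    echo "iptables -A OUTPUT -s $h2 -d $h1 -m policy --dir out --pol ipsec -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Host 2 initiating towards host 1 (or sending cleartext) is dropped.
    echo "iptables -A OUTPUT -s $h2 -d $h1 -j DROP"
}

# Constructed sample addresses from the documentation range (RFC 5737).
one_way_rules 192.0.2.1 192.0.2.2
```

Because the ACCEPT rules are appended before the DROP rules for the same address pair, rule order matters: apply them to empty chains or insert them ahead of any broader ACCEPT rule.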

vishalwithme 04-05-2012 12:07 AM

Hello Nikmit,

Thanks for your reply. Now I am able to understand completely.
Thanks much.

Regards,
Vishal.


All times are GMT -5.