Strongswan - IPsec tunnel - can we have one way tunnel
Hi All,
Being a newbie, I have a basic question related to IPsec tunnel creation. Taking an example: I have 2 hosts, host 1 and host 2. Now I have created the tunnel properly from host 1 -> host 2, but on host 2 the IPsec tunnel is not started yet or not configured. Can I have one-way communication from host 1 to host 2? Host 1 has a one-way started tunnel. Or is this not possible in an IPsec scenario?
Thanks in advance.
Regards, ~Vishal
Can't happen. The other host has to 'agree' about the tunnel :)
Hello Nikmit,
Thanks a lot for your time and reply. What if host 2 doesn't want to communicate with host 1? I mean, what if the requirement is only for host 1 -> host 2 secure communication and not the reverse?
Regards, ~vishal
Well, communication has to be bidirectional if it is communication at all.
Otherwise you are just flooding their interface with packets they most likely drop. Reminds me of a DoS attack. With a VPN tunnel, you can encrypt packets all you want; if the other side doesn't know how to decrypt them, they will get dropped. It is not a one-way tunnel, it is a waste of bandwidth :)
For a one-way tunnel to exist, you have to configure both hosts correctly, and then use iptables or routing to make sure only one side can send traffic through.
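The approach from the reply above (a normal tunnel on both hosts, then a firewall that restricts direction), sketched as an added example that is not part of the original thread. It assumes "one way" means only host 1 may open connections while replies still return; the addresses 192.0.2.1 and 192.0.2.2 and the helper name `one_way_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. 192.0.2.1 (host 1) and 192.0.2.2
# (host 2) are constructed addresses; one_way_rules is a hypothetical helper.
# Assumption: "one way" = only host 1 opens connections; replies still flow.
IPT=${IPT:-iptables}    # set IPT=echo to preview the rules instead of applying

# one_way_rules ROLE PEER
#   ROLE  initiator: this host may open connections through the tunnel
#         responder: this host may only answer them
#   PEER  address of the other tunnel endpoint
one_way_rules() {
    role=$1 peer=$2
    case $role in
        initiator) open="OUTPUT -d"; open_dir=out
                   back="INPUT -s";  back_dir=in ;;
        responder) open="INPUT -s";  open_dir=in
                   back="OUTPUT -d"; back_dir=out ;;
        *) echo "usage: one_way_rules initiator|responder PEER" >&2
           return 2 ;;
    esac

    # IKE (UDP 500/4500) and ESP stay bidirectional: both hosts must still
    # negotiate and agree on the tunnel, as the reply points out.
    for chain in "INPUT -s" "OUTPUT -d"; do
        $IPT -A $chain "$peer" -p udp -m multiport --dports 500,4500 -j ACCEPT
        $IPT -A $chain "$peer" -p esp -j ACCEPT
    done

    # Opening direction: any packet protected by an IPsec policy is allowed.
    $IPT -A $open "$peer" -m policy --dir $open_dir --pol ipsec -j ACCEPT
    # Reverse direction: only replies to connections opened above pass...
    $IPT -A $back "$peer" -m policy --dir $back_dir --pol ipsec \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # ...and any other protected packet in that direction is dropped.
    $IPT -A $back "$peer" -m policy --dir $back_dir --pol ipsec -j DROP
}

# Host 1 (as root): one_way_rules initiator 192.0.2.2
# Host 2 (as root): one_way_rules responder 192.0.2.1
```

The rules are appended with `-A`, so any broader ACCEPT rule already earlier in INPUT or OUTPUT would match first and bypass the restriction.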
Hello Nikmit,
Thanks for your reply. Now I am able to understand completely. Thanks much.
Regards, Vishal.