LinuxQuestions.org
Old 04-04-2012, 05:32 AM   #1
vishalwithme
LQ Newbie
 
Registered: Apr 2012
Posts: 4

Rep: Reputation: Disabled
Strongswan - IPsec tunnel - can we have one way tunnel


Hi All,

Being a newbie, I have a basic question related to IPsec tunnel creation.
Taking an example: I have 2 hosts, host 1 and host 2.
Now I have created the tunnel properly from host 1 -> host 2,

but on host 2 the IPsec tunnel is not started yet or not configured.

Can I have one-way communication from host 1 to host 2?
Host 1 has a one-way tunnel started.

Or is this not possible in an IPsec scenario?

Thanks in advance.

Regards,
~Vishal
 
Old 04-04-2012, 09:20 AM   #2
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
Can't happen. The other host has to 'agree' about the tunnel.
 
Old 04-04-2012, 09:26 AM   #3
vishalwithme
LQ Newbie
 
Registered: Apr 2012
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hello Nikmit,

Thanks a lot for your time and reply.
What if host 2 doesn't want to communicate with host 1?
I mean, what if the requirement is for only host 1 -> host 2 secure communication and not the reverse?

Regards,
~vishal
 
Old 04-04-2012, 09:44 AM   #4
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
Well, communication has to be bidirectional if it is communication at all.
Otherwise you are just flooding their interface with packets they most likely drop. Reminds me of a DoS attack.

With a VPN tunnel, you can encrypt packets all you want; if the other side doesn't know how to decrypt them, they will get dropped. It is not a one-way tunnel, it is a waste of bandwidth.

For a one-way tunnel to exist, you have to configure both hosts correctly, and then use iptables or routing to make sure only one side can send traffic through.

Last edited by nikmit; 04-04-2012 at 09:45 AM.
 
1 members found this post helpful.
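
One way to implement the last point of post #4 on host 2, as an added example that is not part of the original thread. It assumes the tunnel is already configured and agreed on both hosts, uses the constructed address 192.0.2.1 for host 1, and reads "one way" either as host 1 being the only side allowed to open connections (`stateful`) or as host 1 being the only side that sends anything through the tunnel (`strict`); the function name and modes are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not apply) the iptables commands for host 2.
# 192.0.2.1 is a constructed documentation address standing in for host 1.
# mode "stateful": host 2 may only answer flows that host 1 opened.
# mode "strict":   host 2 sends nothing but IKE/ESP toward host 1, so only
#                  one-way datagrams work (a TCP handshake cannot complete).
host2_rules() {
    h1=$1
    mode=${2:-stateful}
    case $mode in
        stateful|strict) ;;
        *) echo "mode must be stateful or strict" >&2; return 1 ;;
    esac
    cat <<EOF
# IKE (UDP 500, or 4500 with NAT-T) and ESP must pass both ways, or no SA is negotiated
iptables -A INPUT -s $h1 -p udp -m multiport --dports 500,4500 -j ACCEPT
iptables -A INPUT -s $h1 -p esp -j ACCEPT
iptables -A OUTPUT -d $h1 -p udp -m multiport --sports 500,4500 -j ACCEPT
iptables -A OUTPUT -d $h1 -p esp -j ACCEPT
# Decrypted packets from host 1 are accepted; cleartext that bypassed IPsec is dropped
iptables -A INPUT -s $h1 -m policy --dir in --pol ipsec -j ACCEPT
iptables -A INPUT -s $h1 -j DROP
EOF
    if [ "$mode" = stateful ]; then
        cat <<EOF
# Replies to connections that host 1 opened may go back through the SA
iptables -A OUTPUT -d $h1 -m policy --dir out --pol ipsec -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    fi
    cat <<EOF
# Everything else host 2 tries to send to host 1 is dropped
iptables -A OUTPUT -d $h1 -j DROP
EOF
}

# Print the ruleset for review; HOST1 and MODE are optional environment overrides.
host2_rules "${HOST1:-192.0.2.1}" "${MODE:-stateful}"
```

The script only prints the commands; review them, then run them as root on host 2. Rule order matters, because the ESP and IKE accepts must come before the final DROP toward host 1.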
Old 04-05-2012, 12:07 AM   #5
vishalwithme
LQ Newbie
 
Registered: Apr 2012
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hello Nikmit,

Thanks for your reply. Now I am able to understand completely.
Thanks much.

Regards,
Vishal.
 
  

