Strongswan - IPsec tunnel

vishalwithme · 04-04-2012, 05:32 AM

Hi All,

Being a new bea, i have a basic question related to ipsec tunnel creation.
Taking example. I have 2 hosts host 1 and host 2
Now i have created tunnel properly from host 1 -> host 2

but on host 2 ipsec tunnel is not started yet or not configured.

Can i have one way communication from host 1 to host 2?
host 1 has one way started tunnel.

or is this not possible in ipsec scenario?

Thanks in advance.

Regards,
~Vishal

nikmit · 04-04-2012, 09:20 AM

Can't happen. The other host has to 'agree' about the tunnel

vishalwithme · 04-04-2012, 09:26 AM

Hello Nikmit,

Thanks a lot for your time and reply.
What if host 2 doesn't want to communicate to host 1.
I mean what if requirement is for only host 1 -> host 2 secure communication and not reverse.

Regards,
~vishal

nikmit · 04-04-2012, 09:44 AM

Well, communication has to be bidirectional if it is communication at all.
Otherwise you are just flooding their interface with packets they most likely drop. Reminds of a DoS attack.

With a vpn tunnel - you can encrypt packets all you want, if the other side doesn't know how to decrypt them they will get dropped. It is not a one-way tunnel, it is a waste of bandwidth

For a one way tunnl to exist, you have to configure both hosts correctly, and then use iptables or routing to make sure only one side can send traffic through.

vishalwithme · 04-05-2012, 12:07 AM

Hello Nikmit,

Thanks for your reply. Now i am able to understand completely.
Thanks much.

Regards,
Vishal.