Tanzeeb Khalili

@tobiasbrunner Sure! Given we've got a cluster of machines (`machine-1`, `machine-2`, and `machine-3`) and we want to add transport-mode IPsec to all of them, we can use the optional policy...

Do you mean something like this? 1. Add strongSwan to `machine-1`, passthrough to `machine-2` and `machine-3`. It will be able to talk to `machine-2` and `machine-3`. 2. Add strongSwan to...

Manually installing the passthrough policy before starting strongSwan is not working for us. We are using `auto=route`, which makes strongSwan install the IPsec policy as soon as it starts. Is...

Also, would it be better to configure this through `ipsec.conf` / `swanctl.conf` instead of `strongswan.conf`?

Thanks for your suggestion, we will try `auto=add`. If this makes strongSwan respond to incoming IKE requests but not try to initiate outgoing IKE requests, it can work for us....

@tobiasbrunner `auto=add` worked perfectly, we didn't even need the passthrough policies. Thanks for your help!

Hi @tobiasbrunner , We've run into an issue where `auto=add` doesn't suffice. Given `optional-machine` is configured with `auto=add` and `mandatory-machine` is configured with `auto=route`: If `optional-machine` pings `mandatory-machine` first, the...

@rafaeltello is looking at it now /assign @rafaeltello

> I suggest using `weight = "Medium"` for ur font and it should look similar to iTerm2 (that's what i do actually). This fixed the issue for me. Setting `weight...