Feature #3075

IPsec Labelling

Added by Andy Fortman over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: configuration
Target version: -
Start date: 29.05.2019
Due date:
Estimated time:
Resolution:

Description

Hi,

Would it be possible to add IPsec-labeling to the roadmap?

It allows you to separate different security levels with IPsec as a network solution for Multi-level Security.
Libreswan has something like this, and I was wondering if we could add something like that to strongSwan.

Here are a couple of relevant links:

IPsec as a MLS solution: http://selinuxproject.org/page/NB_Networking
Libreswan: https://libreswan.org/man/ipsec.conf.5.html

labeled-ipsec

Whether labeled IPsec should be enabled or not; acceptable values are no (the default) and yes. See also policy-label= and secctx-attr-type=

policy-label

The string representation of an access control security label that is interpreted by the LSM (e.g. SELinux) for use with Labeled IPsec. See also labeled-ipsec= and secctx-attr-type=. For example, policy-label=system_u:object_r:ipsec_spd_t:s0-s15:c0.c1023
