services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode
IPsec Mode to establish CHILD_SA with.
tunnelnegotiates the CHILD_SA in IPsec Tunnel Mode,- whereas
transportuses IPsec Transport Mode. transport_proxysignifying the special Mobile IPv6 Transport Proxy Mode.beetis the Bound End to End Tunnel mixture mode, working with fixed inner addresses without the need to include them in each packet.- Both
transportandbeetmodes are subject to mode negotiation;tunnelmode is negotiated if the preferred mode is not available. passanddropare used to install shunt policies which explicitly bypass the defined traffic from IPsec processing or drop it, respectively.
StrongSwan default: "tunnel"
- Type
null or one of "tunnel", "transport", "transport_proxy", "beet", "pass", "drop"- Default
null- Declared
- <nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>