<p>IPsec Mode to establish CHILD_SA with.</p><ul><li><code>tunnel</code> negotiates the CHILD_SA in IPsec Tunnel Mode,</li><li>whereas <code>transport</code> uses IPsec Transport Mode.</li><li><code>transport_proxy</code> signifying the special Mobile IPv6 Transport Proxy Mode.</li><li><code>beet</code> is the Bound End to End Tunnel mixture mode, working with fixed inner addresses without the need to include them in each packet.</li><li>Both <code>transport</code> and <code>beet</code> modes are subject to mode negotiation; <code>tunnel</code> mode is negotiated if the preferred mode is not available.</li><li><code>pass</code> and <code>drop</code> are used to install shunt policies which explicitly bypass the defined traffic from IPsec processing or drop it, respectively.</li></ul><p>StrongSwan default: <code>"tunnel"</code></p>

services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mode

IPsec Mode to establish CHILD_SA with.tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,whereas …

null or one of "tunnel", "transport", "transport_proxy", "beet", "pass", "drop"