<p dir="ltr">My bad, typo. What i want is latter.</p>
<p dir="ltr">Sounds not fun, because my list has about 900 items. A reverse would be quite hard to get.</p>
<p dir="ltr">Andy</p>
<div class="gmail_quote">On Dec 18, 2014 7:20 PM, "Tobias Brunner" <<a href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> My problem is that my intent is blacklist which means I have a list of<br>
> subnets that I want to route through VPN and the rest not. Am I able to<br>
> do that?<br>
<br>
If you want to send only traffic to a specific list of subnets through<br>
the VPN tunnel and the rest not then just define these subnets in<br>
leftsubnet, e.g. leftsubnet=<a href="http://10.0.2.0/24,10.0.5.0/24,10.1.0.0/16" target="_blank">10.0.2.0/24,10.0.5.0/24,10.1.0.0/16</a>, on the<br>
server. The client proposes <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> which gets narrowed to that list.<br>
<br>
If what you wrote above is not entirely accurate and you actually do<br>
**not** want to tunnel traffic to a specific list of subnets but all<br>
other traffic, then you'd have to list the inverse list of subnets<br>
(which could get quite long). For instance, if you want to tunnel all<br>
traffic (<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>) except that to private address ranges (<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a>,<br>
<a href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>, <a href="http://192.168.0.0/16" target="_blank">192.168.0.0/16</a>) then you'd define:<br>
<br>
<br>
leftsubnet=<a href="http://0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3" target="_blank">0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3</a><br>
<br>
Regards,<br>
Tobias<br>
<br>
</blockquote></div>