[strongSwan] Fwd: Guidance on split-exclude when using Unity plugin
Martin Willi
martin at strongswan.org
Tue Feb 5 11:14:17 CET 2013
Hi,
> a] that my www.2600.com experiment is a valid one and that my
> expectations are correct
It is, but I don't think it is possible to get Split-Exclude working
with iOS.
> b] if you saw anything meaningful/useful in the log output I provided.
> Shunted Connections:
> Unity (ios[1]: 207.99.30.226/32): 10.0.0.1/32 === 207.99.30.226/32 PASS
The problem seems to be that we install the bypass policy using the
virtual IP. This does not make a lot of sense, at least for this kind of
setup.
Instead, we should install the bypass policy between the local 192.*
address and 2600.com. You may try to experiment with the completely
untested patch attached. I don't know if we need some changes to route
installation, alternatively you can try to force the local source
address in your application for testing (ping -I or so). I'll have to
take a closer look to this when I find some time.
Regards
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: no-vip-for-split-exclude.patch
Type: text/x-patch
Size: 1110 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130205/56a8c1f1/attachment.bin>
More information about the Users
mailing list