[strongSwan] Customizing routing
ValdikSS
iam at valdikss.org.ru
Fri Jan 15 10:47:42 CET 2016
Just FYI, I had a problems with strongSwan on OpenWRT too. Didn't manage it to work.
On 01/13/2016 07:03 PM, Jan Palus wrote:
> On 19.12.2015 13:53, Jan Palus wrote:
> While I finally managed to compile proper modules/iptables to support
> TRACE I still didn't have a chance to debug issue more throughly.
> However I made another observation -- if I establish connection with
> rightsubnet=0.0.0.0/0 and split both routing and xfrm policy then
> connection works fine. Maybe ipsec policy is applied to some packets it
> should not be applied if policy is created against 0.0.0.0/0 -- openwrt
> maintains quite a few patches that might affect it.
>
> I've started wondering though -- would it be possible to add new feature
> to strongswan so client side splitting is performed automatically? All
> the code should be there already -- if I understand correctly that's
> what unity plugin implements among other things. The difference would be
> in a source of splitting information (either provided by peer in case of
> unity or configured manually for the new feature).
>
>
> Regards
> Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 856 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160115/dc0c231d/attachment.pgp>
More information about the Users
mailing list