<p>Hi Jiehan,</p>
<p>Could you please list your current configuration on both sides? I have been using charon and it does not seem to cause unwanted traffic to be forwarded to the remote site.</p>
<p>If that is a "local LAN" prefix, it should bypass the policy without a problem.</p>
<p>If that is a prefix that needs to be forwarded by one or more routers, does adding a more-specific route work for you?</p>
<p>Regards,<br>
Tianjie Mao</p>
<div class="gmail_quote">On Aug 10, 2013 9:12 PM, "Jiehan Zheng" <<a href="mailto:zheng@jiehan.org">zheng@jiehan.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>Hi,</div><div><br></div><div>I am using strongSwan 5.1.0 and my connection is using IKEv2. The rightsubnet on my machine and leftsubnet on the server are both <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>, causing all the traffic, including local LAN traffic from being sent through IPsec. I am looking for a way to exempt local traffic from being sent to the server. I've read through this thread:</div>
<div><a href="https://lists.strongswan.org/pipermail/users/2010-March/004614.html" target="_blank">https://lists.strongswan.org/pipermail/users/2010-March/004614.html</a><br></div><div><br></div><div>However, it's been three years so I am wondering if there is a better way, now with version 5.1.0 and charon, to achieve this?</div>
<div><br></div><div>Thanks,</div><br clear="all"><div><div dir="ltr"><div>Jiehan<br></div></div></div>
</div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br></blockquote></div>