<div dir="ltr">Hi,<div>Reading through the left|rightsubnet, it seems like there is no way to *exclude* a protocol from getting encrypted? </div><div><br></div><div>I have a host to host tunnel and I want to encrypt everything between these except ICMP since I'd like to do out-of-tunnel ping/traceroute.</div><div><br></div><div>Prior to using strongswan, I was using racoon where I could use setkey to manually update the SPD to exclude icmp alone.</div><div><br></div><div>Please advise if there is any way to achieve this with strongswan.</div><div><br></div><div>Thanks.<br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><span style="font-size:12.8px">Piyush Agarwal</span><br></div><div><span style="color:rgb(17,17,17)"><font face="arial, helvetica, sans-serif" size="2">Life can only be understood backwards; but it must be lived forwards.</font></span><br></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div>