[strongSwan-dev] Customize route for Android App

Tobias Brunner tobias at strongswan.org
Thu Dec 18 12:20:29 CET 2014


> My problem is that my intent is blacklist which means I have a list of
> subnets that I want to route through VPN and the rest not. Am I able to
> do that?

If you want to send only traffic to a specific list of subnets through
the VPN tunnel and the rest not then just define these subnets in
leftsubnet, e.g. leftsubnet=10.0.2.0/24,10.0.5.0/24,10.1.0.0/16, on the
server.  The client proposes 0.0.0.0/0 which gets narrowed to that list.

If what you wrote above is not entirely accurate and you actually do
**not** want to tunnel traffic to a specific list of subnets but all
other traffic, then you'd have to list the inverse list of subnets
(which could get quite long).  For instance, if you want to tunnel all
traffic (0.0.0.0/0) except that to private address ranges (10.0.0.0/8,
172.16.0.0/12, 192.168.0.0/16) then you'd define:


leftsubnet=0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3

Regards,
Tobias
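
The inverse list in the reply above can be computed rather than written by hand. The following is an added example, not part of the original message or of strongSwan; the function names are hypothetical, and it generalizes to any set of excluded IPv4 subnets:

```python
import ipaddress


def inverse_subnets(excluded, universe="0.0.0.0/0"):
    """Return the minimal sorted CIDR list covering `universe` minus `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for text in excluded:
        # strict parsing: raises ValueError if host bits are set (e.g. 10.0.0.1/8)
        hole = ipaddress.ip_network(text)
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # hole lies inside this block: split the block around it
                kept.extend(net.address_exclude(hole))
            elif net.subnet_of(hole):
                # block is entirely covered by the hole: drop it
                continue
            else:
                # CIDR blocks are either nested or disjoint, so this one is untouched
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def leftsubnet_line(excluded):
    """Format the inverse list as a leftsubnet= value for the server config."""
    return "leftsubnet=" + ",".join(str(n) for n in inverse_subnets(excluded))


def is_tunneled(address, excluded):
    """True if traffic to `address` matches one of the inverse subnets."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in inverse_subnets(excluded))


# The private ranges named in the message
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

if __name__ == "__main__":
    print(leftsubnet_line(PRIVATE))
    # Sanity check before deploying: excluded ranges must not be tunneled
    for probe in ("10.1.2.3", "172.20.0.1", "192.168.1.1", "8.8.8.8"):
        print(probe, "tunneled" if is_tunneled(probe, PRIVATE) else "bypasses VPN")
```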