[strongSwan-dev] Customize route for Android App
Andy Song
wsongcn at gmail.com
Thu Dec 18 12:47:33 CET 2014
My bad, typo. What i want is latter.
Sounds not fun, because my list has about 900 items. A reverse would be
quite hard to get.
Andy
On Dec 18, 2014 7:20 PM, "Tobias Brunner" <tobias at strongswan.org> wrote:
> > My problem is that my intent is blacklist which means I have a list of
> > subnets that I want to route through VPN and the rest not. Am I able to
> > do that?
>
> If you want to send only traffic to a specific list of subnets through
> the VPN tunnel and the rest not then just define these subnets in
> leftsubnet, e.g. leftsubnet=10.0.2.0/24,10.0.5.0/24,10.1.0.0/16, on the
> server. The client proposes 0.0.0.0/0 which gets narrowed to that list.
>
> If what you wrote above is not entirely accurate and you actually do
> **not** want to tunnel traffic to a specific list of subnets but all
> other traffic, then you'd have to list the inverse list of subnets
> (which could get quite long). For instance, if you want to tunnel all
> traffic (0.0.0.0/0) except that to private address ranges (10.0.0.0/8,
> 172.16.0.0/12, 192.168.0.0/16) then you'd define:
>
>
> leftsubnet=
> 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3
>
> Regards,
> Tobias
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20141218/ea10e981/attachment.html>
More information about the Dev
mailing list