[strongSwan-dev] Re : Re: Customize route for Android App

Emeric POUPON emeric.poupon at stormshield.eu
Thu Dec 18 15:46:31 CET 2014

Unfortunately with so many items you are very likely to hit the problem I already described before.
See https://lists.strongswan.org/pipermail/dev/2014-December/001158.html

----- Mail d'origine -----
De: Andy Song <wsongcn at gmail.com>
À: Tobias Brunner <tobias at strongswan.org>
Cc: dev at lists.strongswan.org
Envoyé: Thu, 18 Dec 2014 12:47:33 +0100 (CET)
Objet: Re: [strongSwan-dev] Customize route for Android App

My bad, typo. What i want is latter.

Sounds not fun, because my list has about 900 items. A reverse would be
quite hard to get.

On Dec 18, 2014 7:20 PM, "Tobias Brunner" <tobias at strongswan.org> wrote:

> > My problem is that my intent is blacklist which means I have a list of
> > subnets that I want to route through VPN and the rest not. Am I able to
> > do that?
> If you want to send only traffic to a specific list of subnets through
> the VPN tunnel and the rest not then just define these subnets in
> leftsubnet, e.g. leftsubnet=,,, on the
> server.  The client proposes which gets narrowed to that list.
> If what you wrote above is not entirely accurate and you actually do
> **not** want to tunnel traffic to a specific list of subnets but all
> other traffic, then you'd have to list the inverse list of subnets
> (which could get quite long).  For instance, if you want to tunnel all
> traffic ( except that to private address ranges (,
>, then you'd define:
> leftsubnet=
> Regards,
> Tobias

More information about the Dev mailing list