[strongSwan-dev] Re : Re: Customize route for Android App

Emeric POUPON emeric.poupon at stormshield.eu
Thu Dec 18 15:46:31 CET 2014


Unfortunately with so many items you are very likely to hit the problem I already described before.
See https://lists.strongswan.org/pipermail/dev/2014-December/001158.html

----- Mail d'origine -----
De: Andy Song <wsongcn at gmail.com>
À: Tobias Brunner <tobias at strongswan.org>
Cc: dev at lists.strongswan.org
Envoyé: Thu, 18 Dec 2014 12:47:33 +0100 (CET)
Objet: Re: [strongSwan-dev] Customize route for Android App

My bad, typo. What i want is latter.

Sounds not fun, because my list has about 900 items. A reverse would be
quite hard to get.

Andy
On Dec 18, 2014 7:20 PM, "Tobias Brunner" <tobias at strongswan.org> wrote:

> > My problem is that my intent is blacklist which means I have a list of
> > subnets that I want to route through VPN and the rest not. Am I able to
> > do that?
>
> If you want to send only traffic to a specific list of subnets through
> the VPN tunnel and the rest not then just define these subnets in
> leftsubnet, e.g. leftsubnet=10.0.2.0/24,10.0.5.0/24,10.1.0.0/16, on the
> server.  The client proposes 0.0.0.0/0 which gets narrowed to that list.
>
> If what you wrote above is not entirely accurate and you actually do
> **not** want to tunnel traffic to a specific list of subnets but all
> other traffic, then you'd have to list the inverse list of subnets
> (which could get quite long).  For instance, if you want to tunnel all
> traffic (0.0.0.0/0) except that to private address ranges (10.0.0.0/8,
> 172.16.0.0/12, 192.168.0.0/16) then you'd define:
>
>
> leftsubnet=
> 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3
>
> Regards,
> Tobias
>
>



More information about the Dev mailing list