[strongSwan] routing all traffic through tunnel without local one

Martin Willi martin at strongswan.org
Mon Mar 8 08:35:25 CET 2010


Hi,

> The problem: I want to route all my internet traffic through the server and 
> the local traffic should stay on the local net.

To tunnel all internet traffic, you'll need a 0.0.0.0/0 rightsubnet.
This, however, includes your local network in the tunnel too.

To explicitly bypass the local network traffic, you'll need an
additional bypass policy. The IKEv1 daemon pluto supports such bypass
policies using type=passthrough, the IKEv2 daemon currently does not.
But you can use the "ip xfrm" command to install a static bypass rule
for local traffic.

Regards
Martin
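
One way to write the static "ip xfrm" bypass rule described in the mail above, as an added example that is not part of the original message or of strongSwan. The subnet 192.168.1.0/24, the priority 100 and the function names are assumptions; the priority has to be numerically lower than that of the daemon's 0.0.0.0/0 tunnel policy, since the kernel matches lower values first.

```shell
#!/bin/sh
# Added example: static IPsec bypass policies for a local subnet.
# 192.168.1.0/24 and priority 100 are constructed placeholders. The priority
# must be numerically lower than the one on the 0.0.0.0/0 tunnel policy
# (see "ip xfrm policy"), because the kernel tries lower values first.

# Return 0 if $1 is an IPv4 network in a.b.c.d/len form.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print one "ip xfrm policy add" command per direction for subnet $1.
# "action allow" without a tmpl lets matching packets pass outside IPsec.
bypass_cmds() {
    net=$1; prio=${2:-100}
    valid_cidr "$net" || { echo "invalid subnet: $net" >&2; return 1; }
    case $prio in ''|*[!0-9]*) echo "invalid priority: $prio" >&2; return 1 ;; esac
    for dir in out in fwd; do
        echo "ip xfrm policy add src $net dst $net dir $dir priority $prio action allow"
    done
}

# Dry run by default: print the commands. APPLY=1 (as root) runs them.
install_bypass() {
    cmds=$(bypass_cmds "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | while read -r line; do $line || exit 1; done
    else
        echo "$cmds"
    fi
}

install_bypass 192.168.1.0/24 100
```

Policies installed this way are kernel state only, so they have to be reinstalled after a reboot, and traffic they match leaves the host without IPsec protection.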




