[strongSwan] Roadwarriors redirect the whole traffic
Martin Willi
martin at strongswan.org
Mon Oct 11 09:39:39 CEST 2010
Hi Michele,
> is there a simple way to configure a stronswan vpn concentrator to
> force the roadwarriors to redirect the whole traffic in the vpn tunnel?
Depends a little on your road warrior configuration. Such clients
usually propose to tunnel 0.0.0.0/0 destinations. In IKEv2, the
responder has a chance to narrow this to a smaller subnet. But if it
doesn't, the installed policies/routes will automatically route all
traffic through the tunnel.
> I was wondering if it can be force by the VPN concentrator
> automatically.
You can negotiate the subnet, but you can't really enforce it. In the
end, it is a client local routing decision. Even if a client proposes
0.0.0.0/0, it may use a different policy.
Regards
Martin
More information about the Users
mailing list