[strongSwan] Can I ignore some IPs in leftsubnet by using iptables?
Andreas Steffen
andreas.steffen at strongswan.org
Mon Sep 20 12:22:54 CEST 2010
Using iptables you cannot prevent traffic from these two hosts
from being tunneled. You just can discard the tunneled traffic
on the receiving end. The right thing to do is to insert passthrough
rules which exempt these two hosts from IPsec. You can do this
manually using the
ip xfrm policy add
command.
Regards
Andreas
On 20.09.2010 12:09, Nguyễn Hoàng Anh wrote:
>
>
> Hello all strongswan members!
>
> I have a Net-to-Net tunnel with leftsubnet = 10.2.2.0/24
> <http://10.2.2.0/24>, now, I want to ignore two hosts 10.2.2.3 and
> 10.2.2.4. That mean all traffic to the hosts is not in the tunnel.
> can I do that by use Iptables?
>
> Many thanks!
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list