[strongSwan] Every network except the other side?

Christ Schlacta lists at aarcane.org
Fri Aug 26 18:59:23 CEST 2011


I read it over, and it looks like I can specify pass policies for 
certain networks. Problem is, I want all of 0.0.0.0/0 to send from my 
laptop to my VPN server and across the internet, except that I want 
whatever the subnet of the laptop is to be handled locally (it's usually 
an arbitrary /24 or /22, and there's no way to know what it will be).

On 8/24/2011 9:16 PM, Andreas Steffen wrote:
> Hello,
>
> you can do this with strongswan-4.5.3 by defining a pass shunt policy
> for the local net as shown in the following example scenario:
>
>    http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>
> Regards
>
> Andreas
>
> On 08/25/2011 02:34 AM, Christ Schlacta wrote:
>> Is it possible to configure strongSwan + IKEv2 using charon as per usual
>> in roadwarrior mode to specify that the networks to be accessible across
>> the IKEv2 tunnel are to be ALL networks except the right hand subnet as
>> it is known to the right side at the point in time of connection?  I
>> connect from numerous networks, and would like to be able to browse the
>> local network with all traffic beyond the current subnet being sent
>> along the VPN.
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
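
Added example, not part of the thread and not strongSwan's own code: one way to handle a local subnet that is unknown in advance is to derive it from the interface address at connect time and render the pass shunt stanza from it. The `ip -o -4 addr show` sample, the `local-<iface>` conn names and the `min_prefix` cutoff are assumptions made for this sketch; the netmask is handed out by the local network, so the cutoff limits how much traffic that network can pull out of the tunnel.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output (not from the thread).
SAMPLE = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever\n"
    "2: wlan0    inet 192.168.7.23/22 brd 192.168.7.255 scope global dynamic wlan0\\       valid_lft 3400sec\n"
    "3: eth0    inet 10.9.8.7/8 brd 10.255.255.255 scope global eth0\\       valid_lft forever\n"
)

# Interface name and address/prefix of every globally scoped IPv4 address.
LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+).*\bscope global\b", re.M)


def exempt_networks(ip_output, min_prefix=16):
    """Return (iface, network) pairs that may bypass the tunnel."""
    result = []
    for iface, cidr in LINE.findall(ip_output):
        net = ipaddress.ip_interface(cidr).network
        # The prefix length is chosen by the (untrusted) local DHCP server.
        # Accept only private ranges no wider than min_prefix; skip /31 and
        # /32, which describe point-to-point links rather than a LAN.
        if net.is_private and min_prefix <= net.prefixlen <= 30:
            result.append((iface, net))
    return result


def pass_shunt_conf(ip_output, min_prefix=16):
    """Render one ipsec.conf pass shunt conn per accepted local network."""
    stanzas = []
    for iface, net in exempt_networks(ip_output, min_prefix):
        stanzas.append(
            f"conn local-{iface}\n"      # hypothetical conn name
            f"\tleftsubnet={net}\n"
            f"\trightsubnet={net}\n"
            "\tauthby=never\n"
            "\ttype=pass\n"
            "\tauto=route\n"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    print(pass_shunt_conf(SAMPLE))
```

With the sample input only `wlan0` yields a stanza; the `10.0.0.0/8` network on `eth0` is rejected as too broad for a bypass policy.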




