[strongSwan] Every network except the other side?

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 26 20:15:04 CEST 2011


But using a script the laptop could find out which is its local
subnet and then exempt it from tunnelling. In a script it would be
easier to set the passthrough policy using ip xfrm policy add
than going via ipsec.conf. You could do this even in an updown script.

Andreas

On 08/26/2011 06:59 PM, Christ Schlacta wrote:
> I read it over, and it looks like I can specify pass policies for
> certain networks. Problem is, I want all of 0.0.0.0/0 to send from my
> laptop to my vpn server and across the internet, except that I want
> whatever the subnet of the laptop is to be handled locally (it's usually
> an arbitrary /24 or /22, and there's no way to know what it will be).
> 
> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>> Hello,
>>
>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>> for the local net as shown in the following example scenario:
>>
>>    http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>>
>> Regards
>>
>> Andreas

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
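
Added example, not part of the original message and not strongSwan's own code: a sketch of the updown-script approach suggested above, which reads the connected subnet of the interface and installs pass policies with ip xfrm policy add. The helper names, the priority value and the /16 floor on the prefix length are assumptions; the floor is there because the prefix is handed out by the local network and becomes a tunnel exemption.

```shell
#!/bin/sh
# Added example: updown-style helper that exempts the laptop's connected subnet.
PRIO="${PASS_PRIO:-100}"    # assumed value; lower number wins, compare with `ip xfrm policy`
MIN_PLEN="${MIN_PLEN:-16}"  # assumed floor: never exempt anything wider than a /16

# Read `ip -4 route show dev IF scope link` output on stdin, print the connected prefix.
connected_subnet() {
    awk '/proto kernel/ && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { print $1; exit }'
}

# Accept only digits-and-dots/len with MIN_PLEN <= len <= 32. The prefix is chosen
# by the local network (DHCP), so an over-wide one must not bypass the tunnel.
subnet_ok() {
    case "$1" in */*) ;; *) return 1 ;; esac
    case "${1%%/*}" in ''|*[!0-9.]*) return 1 ;; esac
    plen="${1#*/}"
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -ge "$MIN_PLEN" ] && [ "$plen" -le 32 ]
}

# Print the ip xfrm commands for a verb (add|delete) and a subnet.
# A laptop does not forward, so only the out and in directions are covered.
pass_policy_cmds() {
    subnet_ok "$2" || return 1
    for dir in out in; do
        if [ "$1" = add ]; then
            echo "ip xfrm policy add src $2 dst $2 dir $dir action allow priority $PRIO"
        else
            echo "ip xfrm policy delete src $2 dst $2 dir $dir"
        fi
    done
}

# Only act when called by strongSwan as an updown script (PLUTO_VERB is set).
if [ -n "${PLUTO_VERB:-}" ]; then
    net=$(ip -4 route show dev "$PLUTO_INTERFACE" scope link | connected_subnet)
    case "$PLUTO_VERB" in
        up-*)   pass_policy_cmds add "$net" | sh ;;
        down-*) pass_policy_cmds delete "$net" | sh ;;
    esac
fi
```

After the tunnel is up, `ip xfrm policy` should list the two allow policies ahead of the 0.0.0.0/0 tunnel policy; if it does not, lower PASS_PRIO.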



