[strongSwan] Every network except the other side?

Andreas Steffen andreas.steffen at strongswan.org
Fri Aug 26 20:15:04 CEST 2011

But using a script the laptop could find out which is its local
subnet and then exempt it from tunnelling. In a script it would be
easier to set the passthrough policy using ip xfrm policy add
than going via ipsec.conf. You could do this even in an updown script.


On 08/26/2011 06:59 PM, Christ Schlacta wrote:
> I read it over, and it looks like I can specify pass policies for
> certain networks. Problem is, I want all of to send from my
> laptop to my vpn server and across the internet, except that I want
> whatever the subnet of the laptop is to be handled locally (it's usually
> an arbitrary /24 or /22, and there's no way to know what it will be).
> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>> Hello,
>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>> for the local net as shown in the following example scenario:
>>    http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>> Regards
>> Andreas

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
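
A sketch of the updown approach suggested in the reply above, as an added example that is not part of the original thread or of strongSwan. It assumes the script is referenced with leftupdown= in ipsec.conf; the PRIO value and the helper names (cidr_network, run, pass_policies) are made up for illustration, and the subnet is assumed not to change while the tunnel is up.

```sh
#!/bin/sh
# Added example (not from the thread): updown hook that exempts the laptop's
# current LAN from a 0.0.0.0/0 tunnel by installing pass policies.
PRIO="${PRIO:-100}"  # assumed value; must be numerically lower than the
                     # tunnel policy's priority shown by `ip xfrm policy`

# cidr_network 192.168.5.37/22 -> 192.168.4.0/22
cidr_network() {
    addr=${1%/*}; plen=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $plen)) & 4294967295 ))
    net=$(( $ip_int & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$plen"
}

# Dry run by default: print the command. APPLY=1 executes it (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

# Reads `ip -o -4 addr show` lines on stdin. A policy with no tmpl and
# action allow lets matching packets bypass IPsec. "in" is installed too, so
# plain packets from LAN hosts are not judged by the tunnel's inbound policy.
pass_policies() {
    action=$1   # add | delete
    while read -r _idx _dev _fam cidr _rest; do
        case $cidr in */*) ;; *) continue ;; esac   # skip peer-style lines
        lan=$(cidr_network "$cidr")
        for dir in out in; do
            if [ "$action" = add ]; then
                run ip xfrm policy add src "$lan" dst "$lan" dir "$dir" action allow priority "$PRIO"
            else
                run ip xfrm policy delete src "$lan" dst "$lan" dir "$dir"
            fi
        done
    done
}

# PLUTO_VERB and PLUTO_INTERFACE are set by strongSwan when it calls updown.
case "${PLUTO_VERB:-}" in
    up-client|up-host)     act=add ;;
    down-client|down-host) act=delete ;;
    *)                     act= ;;
esac
if [ -n "$act" ]; then
    ip -o -4 addr show dev "$PLUTO_INTERFACE" scope global | pass_policies "$act"
fi
```

Run without APPLY=1 it only prints the ip xfrm commands, which makes it easy to compare the chosen priority against the installed tunnel policy before letting it change anything.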
