[strongSwan] Every network except the other side?

Christ Schlacta lists at aarcane.org
Fri Aug 26 21:04:36 CEST 2011

Aah, I don't think that will work then.  My remote endpoints are 
Windows 7 machines right now using the Windows 7 IKEv2 VPN endpoint 
client.  If there's nothing akin to 
leftsubnet=!rightnativesubnet, that will tell the client 
specifically to route everything except the native subnet, and is 
standards compliant enough for win7, then I think I'm just going to have 
to deal for now :)

On 8/26/2011 11:15, Andreas Steffen wrote:
> But using a script the laptop could find out which is its local
> subnet and then exempt it from tunnelling. In a script it would be
> easier to set the passthrough policy using ip xfrm policy add
> than going via ipsec.conf. You could do this even in an updown script.
> Andreas
> On 08/26/2011 06:59 PM, Christ Schlacta wrote:
>> I read it over, and it looks like I can specify pass policies for
>> certain networks..  Problem is, I want all of to send from my
>> laptop to my vpn server and across the internet, except that I want
>> whatever the subnet of the laptop is to be handled locally (it's usually
>> an arbitrary /24 or /22, and there's no way to know what it will be).
>> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>>> Hello,
>>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>>> for the local net as shown in the following example scenario:
>>>     http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>>> Regards
>>> Andreas
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
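
One way to write the updown script suggested in the quoted reply, for a Linux laptop with iproute2; this is an added example, not code from the thread or from the strongSwan project. The function names and the priority value are assumptions, and the script is assumed to be called through `leftupdown=` so that `PLUTO_VERB` and `PLUTO_INTERFACE` are set.

```shell
#!/bin/sh
# Added example (not from the thread): updown hook that exempts the laptop's
# current local subnet from the tunnel with pass-through xfrm policies.
# Assumption: PRIO is numerically lower (= preferred) than the priority of the
# tunnel policies listed by `ip xfrm policy`; 100 is a constructed value.
PRIO=${PRIO:-100}

# net_cidr ADDR/LEN -> network in CIDR form (192.168.5.77/22 -> 192.168.4.0/22)
net_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*) return 1 ;;   # reject anything but digits, dots, one slash
        *.*.*.*/*) ;;
        *) return 1 ;;
    esac
    len=${1#*/}; addr=${1%/*}
    [ -n "$len" ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & ((4294967295 << (32 - len)) & 4294967295) ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$len"
}

# policy_cmds add|delete ADDR/LEN -> prints one ip command per direction
policy_cmds() {
    subnet=$(net_cidr "$2") || return 1
    for dir in out in; do
        case $1 in
            add)    echo "ip xfrm policy add src $subnet dst $subnet dir $dir action allow priority $PRIO" ;;
            delete) echo "ip xfrm policy delete src $subnet dst $subnet dir $dir" ;;
            *)      return 1 ;;
        esac
    done
}

# First IPv4 address/prefix on the interface reported in PLUTO_INTERFACE.
local_addr() { ip -o -4 addr show dev "$1" | awk '{ print $4; exit }'; }

# Runs only when invoked by the IKE daemon; does nothing if PLUTO_VERB is unset.
case ${PLUTO_VERB:-} in
    up-host|up-client)     policy_cmds add    "$(local_addr "$PLUTO_INTERFACE")" | sh ;;
    down-host|down-client) policy_cmds delete "$(local_addr "$PLUTO_INTERFACE")" | sh ;;
esac
```

Check the result with `ip xfrm policy` after the tunnel comes up: the pass-through entries must sort ahead of the tunnel policy, otherwise local traffic still enters the tunnel.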
