[strongSwan] Every network except the other side?
Christ Schlacta
lists at aarcane.org
Fri Aug 26 21:04:36 CEST 2011
Aah, I don't think that will work then. my remote endpoints are will
windows 7 machines right now using the windows 7 IKEv2 VPN endpoint
client. if there's nothing akin to
leftsubnet=0.0.0.0/0!rightnativesubnet, that will tell the client
specifically to route everything except the native subnet, and is
standards complient enough for win7, then I think I'm just going to have
to deal for now :)
On 8/26/2011 11:15, Andreas Steffen wrote:
> But using a script the laptop could find out which is its local
> subnet and then exempt it from tunnelling. In a script it would be
> easier to set the passthrough policy using ip xfrm policy add
> then going via ipsec.conf. You could do this even in an updown script.
>
> Andreas
>
> On 08/26/2011 06:59 PM, Christ Schlacta wrote:
>> I read it over, and it looks like I can specify pass policies for
>> certain networks.. Problem is, I want all of 0.0.0.0/0 to send from my
>> laptop to my vpn server and across the internet, except that I want
>> whatever the subnet of the laptop is to be handled locally (it's usually
>> an arbitrary /24 or /22, and there's no way to know what it will be.
>>
>> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>>> Hello,
>>>
>>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>>> for the local net as shown in the following example scenario:
>>>
>>> http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>>>
>>> Regards
>>>
>>> Andreas
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
More information about the Users
mailing list