[strongSwan] How to configure the rw Carol to force the non-vpn directed packets to pass through the same secure tunnel?

Richard Andrews richard.andrews at symstream.com
Thu Aug 16 08:24:03 CEST 2012

If it is IKEv2 I believe you can add multiple traffic selectors to a
tunnel. I haven't experimented with that yet.

>From the man page (leftsubnet)

        When using IKEv2, the configured subnet of the peers may differ,
        the protocol narrows it to the greatest common subnet. Further,
        IKEv2 supports multiple subnets separated by  commas.  IKEv1
        only interprets the first subnet of such a definition.

On Thu, 2012-08-16 at 05:12 +0000, Mao, Zhiheng wrote:
> Hi there,
> I have a testing situation where rw Carol establishes the remote
> access with gw Moon and tunnels the VPN packets (10.1.1.x/24) through
> the Moon. Now I have a need to force other non-vpn directed packets
> (129.46.64.x/24) on Carol to go through the same secure tunnel to the
> Moon. They will be routed later from the Moon after they come out of
> the secure tunnel. Is there any way I can configure Carol (a RedHat 5
> host running strongswan-5.0.0) to do that? Thanks a lot!
> Zhiheng

More information about the Users mailing list