[strongSwan] Split tunneling with Strongswan 5.x
Peter van Liesdonk
pvl at compumatica.eu
Thu Nov 15 08:55:25 CET 2012
You are correct, "rightsubnet" serves this purpose.
Unfortunately IOS devices ignore this setting and route everything over
the VPN anyway.
They only support split-tunneling via the Unity extension.
This is fixed by enabling the 'Unity' plugin, available from 5.0.1.
With that plugin enabled the rightsubnet directive works as intended.

Regards,
Peter

On 14/11/12 17:58, kgardenia42 wrote:
> Hi,
>
> If I wanted to *only* tunnel traffic destined for (say) 172.16.32.0/24
> but wanted the (IOS based, IKEv1) clients to send everything else
> direct (not via the VPN tunnel). (I believe this is called
> split-tunneling but maybe that is not correct).
>
> It seems that the mechanics of that should be to push out a route to
> the client which it should tunnel data destined for. I have read the
> manual and am wondering if "rightsubnet" serves this purpose?
> Currently I have this set to 0.0.0.0/0 for my config.
>
> Am I on the right track with rightsubnet or otherwise how should I go
> about this? I just need some rough pointers. Or do I need a plugin
> for this?
>
> Thanks,
>