[strongSwan] Split tunneling with Strongswan 5.x
kgardenia42 at googlemail.com
Wed Nov 21 17:06:38 CET 2012
On Thu, Nov 15, 2012 at 7:55 AM, Peter van Liesdonk <pvl at compumatica.eu> wrote:
> You are correct, "rightsubnet" serves this purpose.
> Unfortunately IOS devices ignore this setting and route everything over
> the VPN anyway.
> They only support split-tunneling via the Unity extension.
> This is fixed by enabling the 'Unity' plugin available from 5.0.1.
> With that plugin enabled the rightsubnet directive works as intended.
Peter, thanks for your reply. This is great information.
> On 14/11/12 17:58, kgardenia42 wrote:
>> If I wanted to *only* tunnel traffic destined for (say) 172.16.32.0/24
>> but wanted the (IOS based, IKEv1) clients to send everything else
>> direct (not via the VPN tunnel). (I believe this is called
>> split-tunneling but maybe that is not correct).
>> It seems that the mechanics of that should be to push out a route to
>> the client which it should tunnel data destined for. I have read the
>> manual and am wondering if "rightsubnet" serves this purpose?
>> Currently I have this set to 0.0.0.0/0 for my config.
>> Am I on the right track with rightsubnet or otherwise how should I go
>> about this? I just need some rough pointers. Or do I need a plugin
>> for this?
>> Users mailing list
>> Users at lists.strongswan.org