[strongSwan] Bypassing traffic to local LAN

Tianjie Mao tjmao at tjmao.net
Sat Aug 10 15:40:10 CEST 2013


Hi Jiehan,

Could you please list your current configuration on both sides? I have been
using charon and it does not seem to cause unwanted traffic to be forwarded
to the remote site.

If that is a "local LAN" prefix, it should bypass the policy without a
problem.

If that is a prefix that needs to be forwarded by one or more routers, does
adding a more-specific route work for you?

Regards,
Tianjie Mao
On Aug 10, 2013 9:12 PM, "Jiehan Zheng" <zheng at jiehan.org> wrote:

> Hi,
>
> I am using strongSwan 5.1.0 and my connection is using IKEv2.  The
> rightsubnet on my machine and leftsubnet on the server are both 0.0.0.0/0,
> causing all the traffic, including local LAN traffic from being sent
> through IPsec.  I am looking for a way to exempt local traffic from being
> sent to the server.  I've read through this thread:
> https://lists.strongswan.org/pipermail/users/2010-March/004614.html
>
> However, it's been three years so I am wondering if there is a better way,
> now with version 5.1.0 and charon, to achieve this?
>
> Thanks,
>
> Jiehan
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130810/d3d81f8d/attachment.html>


More information about the Users mailing list