[strongSwan] Bypassing traffic to local LAN

Andreas Steffen andreas.steffen at strongswan.org
Sat Aug 10 17:15:39 CEST 2013

Hi Jiehan,

yes there is a better way using the type=passt option
as in the following example scenario:


Just add a passthrough shunt policy for your local net in ipsec.conf

conn local-net



On 08/10/2013 03:12 PM, Jiehan Zheng wrote:
> Hi,
> I am using strongSwan 5.1.0 and my connection is using IKEv2.  The
> rightsubnet on my machine and leftsubnet on the server are both
> <>, causing all the traffic, including local
> LAN traffic from being sent through IPsec.  I am looking for a way to
> exempt local traffic from being sent to the server.  I've read through
> this thread:
> https://lists.strongswan.org/pipermail/users/2010-March/004614.html
> However, it's been three years so I am wondering if there is a better
> way, now with version 5.1.0 and charon, to achieve this?
> Thanks,
> Jiehan

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130810/da62be02/attachment.bin>

More information about the Users mailing list