[strongSwan] Bypassing traffic to local LAN
Andreas Steffen
andreas.steffen at strongswan.org
Sat Aug 10 17:15:39 CEST 2013
Hi Jiehan,
yes there is a better way using the type=pass option
as in the following example scenario:
http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
Just add a passthrough shunt policy for your local net in ipsec.conf:

conn local-net
    leftsubnet=10.1.0.0/16
    rightsubnet=10.1.0.0/16
    authby=never
    type=pass
    auto=route

Regards
Andreas
On 08/10/2013 03:12 PM, Jiehan Zheng wrote:
> Hi,
>
> I am using strongSwan 5.1.0 and my connection is using IKEv2. The
> rightsubnet on my machine and leftsubnet on the server are both
> 0.0.0.0/0, causing all the traffic, including local
> LAN traffic, to be sent through IPsec. I am looking for a way to
> exempt local traffic from being sent to the server. I've read through
> this thread:
> https://lists.strongswan.org/pipermail/users/2010-March/004614.html
>
> However, it's been three years so I am wondering if there is a better
> way, now with version 5.1.0 and charon, to achieve this?
>
> Thanks,
>
> Jiehan
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
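
The effect of the shunt described in the reply, as an added example that is not part of the original message and is not strongSwan code: it reads ipsec.conf-style text and reports whether a destination falls under the passthrough conn or the 0.0.0.0/0 tunnel. The conn name "home", the sample file and the rule that the most specific selector wins are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: a full-tunnel conn like the one in the question (the name
# "home" is hypothetical) plus the passthrough shunt from the reply.
SAMPLE_CONF = """\
conn home
    rightsubnet=0.0.0.0/0
    auto=start

conn local-net
    leftsubnet=10.1.0.0/16
    rightsubnet=10.1.0.0/16
    authby=never
    type=pass
    auto=route
"""
PASS_TYPES = {"pass", "passthrough"}  # the reply uses the short form "pass"

def parse_conns(text):
    """Minimal ipsec.conf reader: {conn name: {key: value}}, no 'also=' support."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments, keep indentation
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def remote_nets(opts):
    """Networks listed in rightsubnet (comma separated), empty if unset."""
    return [ipaddress.ip_network(s.strip(), strict=False)
            for s in opts.get("rightsubnet", "").split(",") if s.strip()]

def classify(conns, dst):
    """Assumed model: the most specific rightsubnet containing dst wins."""
    addr, best = ipaddress.ip_address(dst), None
    for name, opts in conns.items():
        for net in remote_nets(opts):
            if net.version == addr.version and addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, "pass" if opts.get("type") in PASS_TYPES else "tunnel", name)
    return best[1:] if best else ("none", None)
```

Running classify over the addresses a host is expected to reach shows how much traffic a given passthrough subnet takes out of the tunnel before the configuration is deployed.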