[strongSwan] Guidance on split-exclude when using Unity plugin
Martin Willi
martin at strongswan.org
Fri Feb 1 12:02:10 CET 2013
Hi,
> I have a VPN (strongswwan 5.0.2) which is a gateway for all traffic
> (IOS devices, ikev1). I would like to exclude certain "sites" (aka
> hostnames) from that.
As far as I know, split-exclude does not work with iOS clients. It works
with OS X, but unfortunately not with iOS or the native Android client.
Split-include works fine with iOS.
> I have replicated this on both IOS clients and an Ubuntu strongswan
> client.
What version of strongSwan was running on Ubuntu? You'll require at
least 5.0.1 with the unity plugin enabled to get split-include/exclude
working. How does the routing table look like (ip route show table 220),
and what policies get installed (ipsec statusall, ip xfrm policy)?
Regards
Martin
More information about the Users
mailing list