[strongSwan] split tunneling
Daniel Novy
pepus at ackee.cz
Sat May 18 18:47:58 CEST 2013
Hello,
I'm trying to configure a VPN for my iPhone, but I want to route only
specific traffic to this VPN.
Just the 172.16.1.0/24 subnet; other connections the iPhone should
initiate directly.
I have strongswan 5.0.1, and my configuration is:
root@server:~# cat /usr/local/etc/ipsec.conf
conn client1device1
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=%defaultroute
    leftsubnet=172.16.1.0/24
    leftfirewall=yes
    leftcert=serverCert.pem
    right=%any
    rightsubnet=172.16.1.0/24
    rightsourceip=172.16.1.1
    rightcert=sharedClient1device1Cert.pem
    auto=add
Routing table of my iphone after the VPN is up:
iPhone:~ root# netstat -nr
Routing tables

Internet:
Destination               Gateway            Flags  Refs  Use  Netif   Expire
default                   utun0              UCS    2     0    utun0
default                   10.38.32.178       UGSc   3     0    pdp_ip
default                   192.168.0.83       UGSc   1     0    en0
10.38.32.178              10.38.32.178       UH     4     0    pdp_ip
10.38.32.178/32           pdp_ip0            UCS    1     0    pdp_ip
46.255.224.60             utun0              UHW    1     2    utun0
[my_vpnserver_public_ip]  192.168.0.83       UGHS   3     2    en0
127                       127.0.0.1          UCS    1     0    lo0
127.0.0.1                 127.0.0.1          UH     2     0    lo0
169.254                   link#8             UCS    1     0    en0
172.16.1.1                172.16.1.1         UH     1     11   utun0
192.168.0/16              link#8             UCS    3     0    en0
192.168.0.83              0:16:3e:59:6e:7e   UHLW   3     28   en0     1165
192.168.1.98              c8:bc:c8:e7:1f:78  UHLW   3     93   en0     1185
192.168.1.99              127.0.0.1          UHS    1     0    lo0
But all my traffic still goes through the VPN, as it adds utun0 as a
default route.
Can anyone suggest what is wrong? How to force it to route only the
172.16.1.0/24 subnet using the VPN?
Thanks!
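
Added example (not part of the original post): a check that reads `netstat -nr` output in the format shown above and reports whether the tunnel interface holds a default route and whether the intended subnet has a route of its own on the tunnel. The function names are hypothetical, the sample rows are copied from the post's table (abridged), and the expansion of abbreviated destinations such as "127" assumes 8 mask bits per octet printed.

```python
import ipaddress

# Rows copied from the routing table in the post (abridged; Expire column dropped).
SAMPLE = """\
Destination        Gateway            Flags  Refs  Use  Netif
default            utun0              UCS    2     0    utun0
default            10.38.32.178       UGSc   3     0    pdp_ip
default            192.168.0.83       UGSc   1     0    en0
127                127.0.0.1          UCS    1     0    lo0
172.16.1.1         172.16.1.1         UH     1     11   utun0
192.168.0/16       link#8             UCS    3     0    en0
"""

def parse_dest(text):
    """Expand a BSD netstat destination ('default', '127', '192.168.0/16')."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    # Assumption: when the mask is omitted, it is 8 bits per octet printed.
    plen = int(plen) if plen else 8 * len(octets)
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def parse_routes(table):
    """Return (network, interface) pairs from `netstat -nr` IPv4 output."""
    routes = []
    for line in table.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] == "Destination":
            continue
        try:
            routes.append((parse_dest(cols[0]), cols[5]))
        except ValueError:
            continue  # not an IPv4 route row
    return routes

def audit(table, wanted, tunnel_prefix="utun"):
    """Compare what the tunnel interface carries with the intended subnet."""
    wanted = ipaddress.ip_network(wanted)
    tun = [net for net, ifname in parse_routes(table) if ifname.startswith(tunnel_prefix)]
    return {
        "tunnel_default": any(net.prefixlen == 0 for net in tun),
        "wanted_covered": any(net.prefixlen > 0 and wanted.subnet_of(net) for net in tun),
        "tunnel_routes": sorted(str(net) for net in tun),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, "172.16.1.0/24"))
```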