[strongSwan] split tunneling
Daniel Novy
pepus at ackee.cz
Sat May 18 19:19:08 CEST 2013
Hi,
I have commented out rightsubnet, but the situation is the same. VPN
works, but all traffic is routed into VPN.
Dan.
On 2013-05-18 19:08, Anton wrote:
> Hi.
>
> Why do you have leftsubnet the same as rightsubnet?
>
> Try to comment out or delete the string 'rightsubnet=172.16.1.0/24'.
> 'rightsourceip' should be enough for a working tunnel.
>
>
>
> On Sat, 18 May 2013 18:47:58 +0200
> Daniel Novy <pepus at ackee.cz> wrote:
>
>> Hello,
>>
>> I'm trying to configure a VPN for my iPhone, but I want to route only
>> specific traffic to this VPN.
>> Just the 172.16.1.0/24 subnet; other connections the iPhone should
>> initiate directly.
>>
>> I have strongswan 5.0.1, and my configuration is:
>>
>> root@server:~# cat /usr/local/etc/ipsec.conf
>> conn client1device1
>>     keyexchange=ikev1
>>     authby=xauthrsasig
>>     xauth=server
>>     left=%defaultroute
>>     leftsubnet=172.16.1.0/24
>>     leftfirewall=yes
>>     leftcert=serverCert.pem
>>     right=%any
>>     rightsubnet=172.16.1.0/24
>>     rightsourceip=172.16.1.1
>>     rightcert=sharedClient1device1Cert.pem
>>     auto=add
>>
>> Routing table of my iphone after the VPN is up:
>>
>> iPhone:~ root# netstat -nr
>> Routing tables
>> Internet:
>> Destination Gateway Flags Refs Use Netif Expire
>> default utun0 UCS 2 0 utun0
>> default 10.38.32.178 UGSc 3 0 pdp_ip
>> default 192.168.0.83 UGSc 1 0 en0
>> 10.38.32.178 10.38.32.178 UH 4 0 pdp_ip
>> 10.38.32.178/32 pdp_ip0 UCS 1 0 pdp_ip
>> 46.255.224.60 utun0 UHW 1 2 utun0
>> [my_vpnserver_public_ip] 192.168.0.83 UGHS 3 2 en0
>> 127 127.0.0.1 UCS 1 0 lo0
>> 127.0.0.1 127.0.0.1 UH 2 0 lo0
>> 169.254 link#8 UCS 1 0 en0
>> 172.16.1.1 172.16.1.1 UH 1 11 utun0
>> 192.168.0/16 link#8 UCS 3 0 en0
>> 192.168.0.83 0:16:3e:59:6e:7e UHLW 3 28 en0 1165
>> 192.168.1.98 c8:bc:c8:e7:1f:78 UHLW 3 93 en0 1185
>> 192.168.1.99 127.0.0.1 UHS 1 0 lo0
>>
>>
>> But all my traffic still goes through the VPN, as it adds utun0 as a
>> default route.
>>
>> Can anyone suggest what is wrong? How to force it to route only the
>> 172.16.1.0/24 subnet using the VPN?
>>
>> Thanks!
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
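An added example, not part of the original thread: a small check that reads `netstat -nr` rows like the ones quoted above and lists every route on the tunnel interface that reaches outside the subnet the VPN is supposed to carry. The function names are hypothetical, the sample rows are a constructed subset of the posted table, and the expansion of abbreviated destinations (`127`, `192.168.0/16`) assumes the BSD convention that omitted octets imply the prefix length.

```python
import ipaddress

# Constructed sample: a subset of the rows from the routing table in the post
# (columns: Destination, Gateway, Flags, Refs, Use, Netif).
SAMPLE = """\
default utun0 UCS 2 0 utun0
default 192.168.0.83 UGSc 1 0 en0
46.255.224.60 utun0 UHW 1 2 utun0
[my_vpnserver_public_ip] 192.168.0.83 UGHS 3 2 en0
172.16.1.1 172.16.1.1 UH 1 11 utun0
192.168.0/16 link#8 UCS 3 0 en0
"""

def parse_dest(dest):
    """Expand a BSD-style destination ('default', '127', '192.168.0/16')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = str(8 * len(octets))  # assumption: omitted octets imply the mask
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def tunnel_routes(table, tun="utun0"):
    """Return the networks whose route leaves through the tunnel interface."""
    nets = []
    for line in table.splitlines():
        f = line.split()
        if len(f) < 6 or f[5] != tun:
            continue
        try:
            nets.append(parse_dest(f[0]))
        except ValueError:
            continue  # redacted or non-IPv4 destination
    return nets

def check_split_tunnel(table, allowed, tun="utun0"):
    """List tunnel routes that are not contained in the intended subnet."""
    allowed = ipaddress.ip_network(allowed)
    return [n for n in tunnel_routes(table, tun) if not n.subnet_of(allowed)]

if __name__ == "__main__":
    for net in check_split_tunnel(SAMPLE, "172.16.1.0/24"):
        print("route outside split-tunnel scope via utun0:", net)
```

On the sample rows it reports the `default` route on utun0, which is the symptom described in the post, along with the host route to 46.255.224.60.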