[strongSwan] Add routes? (Was: Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?)

[Martin Willi]

> So how can I manually add routes for subnets to the tunnel?

You can't. The negotiated policy does not allow such traffic, hence your
peer won't accept non-matching traffic from the tunnel.

Of course you can do some NAT to map traffic to addresses that are part
of the negotiated tunnel. See [1] for an example how this can be done
with virtual IPs.

Regards
Martin

[1]http://www.strongswan.org/uml/testresults/ikev2/nat-virtual-ip/index.html