[strongSwan] routing traffic to site to site ipsec tunnel

Noel Kuntze noel at familie-kuntze.de
Wed Dec 17 20:31:13 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Eric,

You can use passthrough policies for your local networks and  a ts of localnet == 0.0.0.0/0 for that.
You will need to use some custom firewall rule to except IPsec traffic from NAT. Look through the list archive
for some emails from me about that topic.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 17.12.2014 um 13:21 schrieb Eric Y. Zhang:
> Hi all
> here is my setup
>
> strongswan(openwrt)<----->strongswan(linux VPS), the ipsec tunnel is up between those 2.
>
> Now  I want to route all traffic except domestic to that tunnel. How can I make that work?
> --
> Life is harsh
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUkdn/AAoJEDg5KY9j7GZYWF0QAIFdtVrO9W9BAT5I3tMyaLef
P/RiXH4XMVI+8bWOc3ti8lm6m4QNeConni5NRF9AAE5vpeQoOSfxiCYaTcHomv7f
fji0ORb0n07TRL34G4hhmg10e16Rl1rowujhNo/LUg/euogwRB19DZs9+FbUndIN
UIUHY9wWA7eaBpmyYAJS69nejB7ZcaaK2yD6kt5gRxJgf0alQtaCGybiDhhmEfDp
rbj2p0riA9Kgo6j8DzI0WWlf1l7gq2C+pasV1XLDYh/VGp0PFRbwfNUMdYVvbgDn
U/vXZ/W8C9ddrqcI1i7ZsVqk+/qgX3xTMyhfbfwYlMEHx2H3LrL916zqf0H1xDnj
0/hwGETXCHfIWR78GF+6/AX+iUk+jn1PHapVgLNM8SAYlBmf0xxYVss8y9hAlimn
n9ReRari2+PEMFQisZ6+Vdt+IkE7r43XgDOhVb2e987i52ocAdSITAPWKDCTvj47
41fw4fUXzuFTeUciEvfQrjhm3OdskxysyEf+UwKAnVi4pZncTT3+n5cp955IR/nv
3/maizD0EHtlKr7iylvdcp/Z2kKc/okqks5QpyBDuUVd+2FotPVUjYKg0PAgT0oJ
BoJphf35usL/rZVT8Vs3eQtQ+xS3x5zmieFuK1flex5ppFj5pkrcytH4a8bnAMl7
dw6HG55NEhMpUGq5n7GU
=OmKw
-----END PGP SIGNATURE-----




More information about the Users mailing list