[strongSwan] agile vpn or win ipsec policy

Martin Willi martin at strongswan.org
Thu Sep 4 10:51:23 CEST 2014


> I fear, I basically do not understand the VPN principle.
> If the Win7 client is connected, I cannot use my standard intranet
> connection. Everything seems to be sent to the VPN tunnel.

Please read the IKEv2 Split-Tunneling notes at [1]. Split tunneling can
be done with the Agile VPN client, but it is limited to "class based
routing" and does not honor the negotiated traffic selectors.

> My Windows-friendly neighbour said Windows Agile VPN is not the right
> way, you need to configure the IP security policy.

It is designed for host-to-network VPN connections, not sure how well
this fits your scenario. If you want to protect a plain host-to-host
connection, it probably does not work that well, as it uses a virtual IP
usually assigned from the remote network.
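
The mismatch between "class based routing" and negotiated traffic selectors, worked through as an added example that is not part of the original message. It assumes "class based routing" means the client routes the classful (A/B/C) network of its assigned virtual IP into the tunnel; the function names and all addresses are constructed for illustration.

```python
import ipaddress

def classful_network(virtual_ip):
    """Classful (A/B/C) network that contains an IPv4 address."""
    addr = ipaddress.IPv4Address(virtual_ip)
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is class D/E, no classful network")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def compare(virtual_ip, remote_selectors):
    """Return (route, selectors not fully routed, routed ranges no selector covers)."""
    route = classful_network(virtual_ip)
    selectors = [ipaddress.ip_network(s) for s in remote_selectors]
    # Negotiated subnets the classful route misses: this traffic leaves
    # through the local network instead of the tunnel.
    not_routed = [s for s in selectors if not s.subnet_of(route)]
    # Parts of the classful route that no selector covers: sent into the
    # tunnel although no traffic selector was negotiated for them.
    uncovered = [route]
    for sel in selectors:
        remaining = []
        for net in uncovered:
            if net.subnet_of(sel):
                continue                      # fully covered by this selector
            if sel.subnet_of(net):
                remaining.extend(net.address_exclude(sel))
            else:
                remaining.append(net)         # disjoint, keep as is
        uncovered = remaining
    return route, not_routed, sorted(uncovered)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    route, not_routed, uncovered = compare(
        "10.3.0.17", ["10.1.0.0/16", "192.168.5.0/24"])
    print("route installed by client:", route)
    print("negotiated but not routed:", [str(n) for n in not_routed])
    print("routed but not negotiated:", [str(n) for n in uncovered])
```

A non-empty "negotiated but not routed" list is the case to check for on the client, since those destinations are reached outside the tunnel.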

