[strongSwan] agile vpn or win ipsec policy
Martin Willi
martin at strongswan.org
Thu Sep 4 10:51:23 CEST 2014
Hi,
> I fear, I basically do not understand the VPN principle.
> If the Win7 client is connected, I cannot use my standard intranet
> connection. Everything seems to be send to the vpn tunnel.
Please read the IKEv2 Split-Tunneling notes at [1]. Split tunneling can
be done with the Agile VPN client, but it is limited to "class based
routing" and does not honor the negotiated traffic selectors.
> My windows-friendly-neighbour said, Windows Agile VPN is not the right
> way, you need to configure the IP security policy
It is designed for host-to-network VPN connections, not sure how well
this fits your scenario. If you want to protect a plain host-to-host
connection, it probably does not work that well, as it uses a virtual IP
usually assigned from the remote network.
Regards
Martin
More information about the Users
mailing list