[strongSwan] rightsubnet= ???

Florin Andrei florin at andrei.myip.org
Tue May 5 03:05:48 CEST 2015

Looking to create an IPsec tunnel between strongSwan and a Cisco 72xx 
box. The remote end has a large set of fragmented subnets behind the 
firewall. Maintaining that long list would be difficult. I want to 
basically push all outbound traffic through the VPN. What's the best way to 
accomplish that?

I'm thinking of doing something like:


Am I correct to assume this would push all outbound traffic through the 
VPN tunnel?
However, what will happen to the default route on the VPN machine? Will 
the tunnel work correctly with that rightsubnet?

Also, I assume I will not be able to ssh into the VPN machine except 
from the localnet, is that right?

Florin Andrei

