[strongSwan] Passthrough Connection

[Randy Wyatt]

Then why would a passthrough be passed the tunnel.    Passthrough policies
are for the local lan only.  I will wait for more of an expert to comment.
I am willing to accept if I am wrong.

On Fri, Sep 4, 2015 at 11:25 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> A passthrough policy always only applies to the local host.
> It's completely okay to use overlapping subnets, because the tunnel
> doesn't work like a normal route.
> It's source AND Destination based routing. If you apply a passthrough
> policy for local traffic in your LAN, then it will work.
> The purpose of a passthrough policy is to *explicitely* tell the IPsec
> stack to *not* do any IPsec processing on certain packets.
> The use case of Christian is *exactly* what it's for.
>
> - --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJV6eIXAAoJEDg5KY9j7GZYu/IP/AtkpY7UsCf3fx6nSpCxiBWK
> ZJJ1Ip2vaHFnUSDdqvYlkj09m1Cumzo5MRoBZ8NrbdBaftsCrBkBCtyhcwYbPnfC
> ykdqXSH5eQID/BL9qXfYOQhS+llYo1tpW1WgNX4/9mfU/VHpnQ059iWSyO47JxoR
> IgPPuNtkk2q88LWoG4h3QCdws+XG0ui+AG1WIX9pdQ1hror3+Q19rKBRVsJ3paqJ
> msx7A3ZaHa62CQ9iq4ruGaVUR+17ZgGg9G80vjapb1mgnvk0yDQycL3cz+ANm4cH
> HPIZqbc/JvJgcpF1iTVS5ToIrznvXUtaBFIgYLqTqDawyssDe3ly1Jt27+pN0t9V
> CkPCKljoSHMOnZChhxJRyAo8gRxSmBhbETedt7blBQ8CrNaFGVpZw4K2RE5/nCub
> MA1wCbqmXl5hcuAyLLYL2izdsXvZtmUeyARBWkVf12J4Z1m4DHl1iMfTgxma/G0n
> NlTXWXJg7MbaKiPLmmxRn95/rXZoRhTk4ihfiVIKOvBuGIAVBb/u+9NJUax3veHS
> rNdTs4wLgW28Ey6elyAukWIGSO6m75W9fONsBSYFldQw1Ktz04bqoZbAA57QisF2
> ZuE8RV/vD2+yp02/F4b5XS0oELFGh6QDJjVTjaVHRGYno18Eluspz7/4rF357KIk
> 9FBnWOIWPB1oerb44xWS
> =n/f1
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/c82c235b/attachment.html>