[strongSwan] Passthrough Connection

Christian Hanster christian-hanster at gmx.de
Fri Sep 4 20:33:57 CEST 2015


Noel is right in this case. I set up something similar with openswan some time ago. I do not want to route my local network traffic through the tunnel. Therefore I need a passthrough connection. Perhaps you misunderstood that… 

@Noel: I will later search the bug database and if needed fill a bug report. 

Kind regards 
Christian Hanster 
> On 04 Sep 2015, at 20:28, Randy Wyatt <rwwyatt01 at gmail.com> wrote:
> 
> Then why would a passthrough be passed the tunnel.    Passthrough policies are for the local lan only.  I will wait for more of an expert to comment.
> I am willing to accept if I am wrong.
> 
> On Fri, Sep 4, 2015 at 11:25 AM, Noel Kuntze <noel at familie-kuntze.de <mailto:noel at familie-kuntze.de>> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> A passthrough policy always only applies to the local host.
> It's completely okay to use overlapping subnets, because the tunnel doesn't work like a normal route.
> It's source AND Destination based routing. If you apply a passthrough policy for local traffic in your LAN, then it will work.
> The purpose of a passthrough policy is to *explicitely* tell the IPsec stack to *not* do any IPsec processing on certain packets.
> The use case of Christian is *exactly* what it's for.
> 
> - --
> 
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
> 
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJV6eIXAAoJEDg5KY9j7GZYu/IP/AtkpY7UsCf3fx6nSpCxiBWK
> ZJJ1Ip2vaHFnUSDdqvYlkj09m1Cumzo5MRoBZ8NrbdBaftsCrBkBCtyhcwYbPnfC
> ykdqXSH5eQID/BL9qXfYOQhS+llYo1tpW1WgNX4/9mfU/VHpnQ059iWSyO47JxoR
> IgPPuNtkk2q88LWoG4h3QCdws+XG0ui+AG1WIX9pdQ1hror3+Q19rKBRVsJ3paqJ
> msx7A3ZaHa62CQ9iq4ruGaVUR+17ZgGg9G80vjapb1mgnvk0yDQycL3cz+ANm4cH
> HPIZqbc/JvJgcpF1iTVS5ToIrznvXUtaBFIgYLqTqDawyssDe3ly1Jt27+pN0t9V
> CkPCKljoSHMOnZChhxJRyAo8gRxSmBhbETedt7blBQ8CrNaFGVpZw4K2RE5/nCub
> MA1wCbqmXl5hcuAyLLYL2izdsXvZtmUeyARBWkVf12J4Z1m4DHl1iMfTgxma/G0n
> NlTXWXJg7MbaKiPLmmxRn95/rXZoRhTk4ihfiVIKOvBuGIAVBb/u+9NJUax3veHS
> rNdTs4wLgW28Ey6elyAukWIGSO6m75W9fONsBSYFldQw1Ktz04bqoZbAA57QisF2
> ZuE8RV/vD2+yp02/F4b5XS0oELFGh6QDJjVTjaVHRGYno18Eluspz7/4rF357KIk
> 9FBnWOIWPB1oerb44xWS
> =n/f1
> -----END PGP SIGNATURE-----
> 
> 
> 
> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150904/bd7a6cff/attachment.html>


More information about the Users mailing list