[strongSwan] tunnel traffic exemption w/ strongswan
John Mah
john at surfeasy.com
Mon Jan 11 15:47:36 CET 2016
Is there an easy way to configure strongswan to not route traffic to a
single address over an IPSec connection? (ie: alter the gateway's
leftsubnet attribute) This would be similar to the traffic selector,
but... not quite. More like an anti-traffic selector.
We have in our configurations:
conn iphone-ios8
[...]
leftsubnet=0.0.0.0/0
leftfirewall=no
leftcert=ios8.pem
right=%any
rightsubnet=10.251.0.0/16
rightsourceip=10.251.0.0/16
[...]
If so, is there a way to do with IKEv1 connections as well?
thanks,
- John
More information about the Users
mailing list