[strongSwan] tunnel traffic exemption w/ strongswan

[Thomas Egerer]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On January 11, 2016 3:47:36 PM GMT+01:00, John Mah <john at surfeasy.com> wrote:
>Is there an easy way to configure strongswan to not route traffic to a
>single address over an IPSec connection? (ie: alter the gateway's
>leftsubnet attribute) This would be similar to the traffic selector,
>but... not quite. More like an anti-traffic selector.
>
>We have in our configurations:
>
>conn iphone-ios8
>   [...]
>   leftsubnet=0.0.0.0/0
>   leftfirewall=no
>   leftcert=ios8.pem
>   right=%any
>   rightsubnet=10.251.0.0/16
>   rightsourceip=10.251.0.0/16
>   [...]
>
>If so, is there a way to do with IKEv1 connections as well?
>
>thanks,
>- John
>_______________________________________________
>Users mailing list
>Users at lists.strongswan.org
>https://lists.strongswan.org/mailman/listinfo/users

Try a type = passthrough connection for the particular IP [1]

[1] https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
- --
Sent from a mobile device. Please excuse my brevity.
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQI+BAEBCgAoBQJWlWmGIRxUaG9tYXMgRWdlcmVyIDxoYWtrZV8wMDdAZ214LmRl
PgAKCRBit9TjYqwUxrulD/47wYwTg+Cczmtc2uYcpGwYzc/eciLzCaPq3XV13c3Z
BCTku3W4uCnSPr6bUP0/WeTopfK9/jSrBwF9T7nZLBeaJOAQk8mztaI4xXjAWzGR
ENfSI/p/5NMasw4bV5bZ+5CijSW5Wjia9OE7Wq5oDhGC96mnQl5QDB7ENsWlhCTD
uJKtuMrTvHb4KOJTEKLGwLBuvaOlOJYWl/RayDCi7yMD5T5N/C71KTrQ17hCrQJs
vwuJrrFoYj7+1qJsZjB8O08gCusOqBy4SC/ovQWKtrARPls8oZH7bZ/NT6cSFUfN
vUuK7O1XIIWIU3rWPa/OoEIaqQ5d/9oHuRzYgbnOaSeG3zuTQtS8/pVaG/uhbpWK
CEuWb4j8YqNNAC8HpBl9P93t+4hiQwFFjyoK54oZxlzRLLrLwL+hjfcXQQSPi9O7
AgPwrItnCJu08nvG6wlAOz0MB1+/+R6s5EUCGlTr8rXGYxw37hY4/Xkp9BBkMw6L
XFzwfRJ8a7SfSst82CiNNEUf9gN/voIl32tTTxeaikD5oSimf4TF78musm/S865/
cF1QGmOCry54oqjI+q/9y1Se9xpGUmV4jW03jQDb1FYXPYfa87DXCM0wutWkmyzG
GHLxFG5zzDkTG4YO/HQIJySpazXkiU58jw61Oqs1DaO8YmKZVnBU+B3/uUGpZ21s
Og==
=1p0U
-----END PGP SIGNATURE-----