[strongSwan] Customizing routing
iam at valdikss.org.ru
Fri Jan 15 10:47:42 CET 2016
Just FYI, I had a problems with strongSwan on OpenWRT too. Didn't manage it to work.
On 01/13/2016 07:03 PM, Jan Palus wrote:
> On 19.12.2015 13:53, Jan Palus wrote:
> While I finally managed to compile proper modules/iptables to support
> TRACE I still didn't have a chance to debug issue more throughly.
> However I made another observation -- if I establish connection with
> rightsubnet=0.0.0.0/0 and split both routing and xfrm policy then
> connection works fine. Maybe ipsec policy is applied to some packets it
> should not be applied if policy is created against 0.0.0.0/0 -- openwrt
> maintains quite a few patches that might affect it.
> I've started wondering though -- would it be possible to add new feature
> to strongswan so client side splitting is performed automatically? All
> the code should be there already -- if I understand correctly that's
> what unity plugin implements among other things. The difference would be
> in a source of splitting information (either provided by peer in case of
> unity or configured manually for the new feature).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 856 bytes
Desc: OpenPGP digital signature
More information about the Users