[strongSwan] Strongswan VPN Profile for Android.

[Aanand Ramachandran]

Hi Tobias
A month back we discussed about split-tunnel routes and you mentioned that the next release of Android client would allow split-tunnel routes to be specified. I noticed that version 1.9 has it. Does the Strongswan client for Mac also have this capability? The Strongswan documentation for Mac doesn’t mention it but wanted to double check with you.

Aanand

-----Original Message-----
From: Tobias Brunner [mailto:tobias at strongswan.org] 
Sent: Monday, June 26, 2017 8:50 AM
To: Aanand Ramachandran <aanandr at microsoft.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] Strongswan VPN Profile for Android.

Hi Aanand,

> When will Strongswan be adding rowsing for profile files using SAF?

As I mentioned, with the next release (the code can be found in the android-updates branch), which is due this or next week.

> Also, how do I specify split tunnel routes? Does the server have to enforce that by proposing a Traffic Selector containing only destn network address prefixes? The problem with controlling this at the policy level is that all traffic will have to be sent to the tunnel interface first after which it will either be sent over the tunnel (if it matches policy) or traffic gets dropped.

That's not true.  The traffic selector is translated to routes accordingly so only traffic matching the TS will be routed over the tunnel interface.  The next release of the app will allow modifying the routes on the client, though (only include specific traffic or exclude certain traffic).

Regards,
Tobias