[strongSwan] Traffic Selectors
Noel Kuntze
noel at familie-kuntze.de
Thu Mar 2 18:25:12 CET 2017
Charon supports traffic selector narrowing. It does what the name implies
(narrows the locally configured TS and the remote TS down to a common
TS, if possible). Otherwise, it rejects the client and sends it an error.
However, you need to make sure that you can actually configure the client
to send a narrowed TS or enable charon to tell apart full-tunnel and split-tunnel clients.
OpenVPN doesn't implement IPsec, so I don't understand how this is relevant here.
If you want any actual help regarding your specific problem, we require full configuration and logs
of both sides.
On 28.02.2017 23:00, Aanand Ramachandran wrote:
> Hi - would appreciate it if someone can help me with this question.
>
> ------------------------------------------------------------------------
> *From:* Aanand Ramachandran <aanandr at outlook.com>
> *Sent:* Sunday, February 26, 2017 11:06:18 PM
> *To:* users at lists.strongswan.org
> *Subject:* Traffic Selectors
>
>
> Hi - per this article I should be able to achieve split-tunnel on a strongSwan client by configuring the right TS subnets on the server. The article explains that clients most of the time send 0.0.0.0, so the server can be configured (leftsubnet parameter) to send back those subnets that can be accessed over the VPN connection.
>
>
> https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
>
>
> However, this doesn't seem to work on Android OpenVPN. In spite of configuring the right traffic selector on the server, all traffic from the client is sent to the VPN interface.
>
>
> Can you help me out with this?
>
> thanks,
>
> Aanand
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
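
The narrowing described in the reply above, as an added example that is not part of the original thread and not strongSwan's code: a simplified Python model that treats each traffic selector as an IPv4 subnet only (protocol and port are ignored). The function names and the subnets are constructed for illustration; an empty result corresponds to the error case, which RFC 7296 signals with TS_UNACCEPTABLE.

```python
"""Simplified model of IKEv2 traffic selector narrowing (IPv4 addresses only)."""
import ipaddress


def to_range(subnet):
    """Return the (first, last) integer addresses covered by a CIDR string."""
    net = ipaddress.IPv4Network(subnet)
    return int(net.network_address), int(net.broadcast_address)


def narrow(proposed, configured):
    """Intersect every proposed subnet with every configured subnet.

    Returns the common selectors as a sorted list of CIDR strings. An empty
    list means there is no common TS, the case in which the responder
    rejects the request instead of installing a policy.
    """
    common = set()
    for p in proposed:
        p_first, p_last = to_range(p)
        for c in configured:
            c_first, c_last = to_range(c)
            first, last = max(p_first, c_first), min(p_last, c_last)
            if first > last:
                continue  # disjoint ranges: nothing in common for this pair
            lo = ipaddress.IPv4Address(first)
            hi = ipaddress.IPv4Address(last)
            common.update(ipaddress.summarize_address_range(lo, hi))
    # Merge overlapping results so each address is covered exactly once.
    return [str(n) for n in sorted(ipaddress.collapse_addresses(common))]


# Constructed responder-side subnets (what leftsubnet would list on the server).
SERVER_TS = ["10.1.0.0/16", "192.168.50.0/24"]

if __name__ == "__main__":
    # Client proposes everything: narrowed down to the server's subnets.
    print(narrow(["0.0.0.0/0"], SERVER_TS))
    # Client already proposes a narrower selector: it is kept as is.
    print(narrow(["10.1.2.0/24"], SERVER_TS))
    # No overlap at all: empty result, the request is rejected.
    print(narrow(["172.16.0.0/12"], SERVER_TS))
```

Whether the narrowed selectors actually produce split tunneling still depends on the client installing routes only for the returned subnets, which is the point the reply makes about client support.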