[strongSwan] Exclude protocol from IPsec
agarwalpiyush at gmail.com
Mon May 22 19:09:03 CEST 2017
Reading through the left|rightsubnet, it seems like there is no way to
*exclude* a protocol from getting encrypted?
I have a host to host tunnel and I want to encrypt everything between these
except ICMP since I'd like to do out-of-tunnel ping/traceroute.
Prior to using strongswan, I was using racoon where I could use setkey to
manually update the SPD to exclude icmp alone.
Please advise if there is any way to achieve this with strongswan.
Life can only be understood backwards; but it must be lived forwards.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users