[strongSwan] Exclude protocol from IPsec

Piyush Agarwal agarwalpiyush at gmail.com
Mon May 22 19:09:03 CEST 2017

Reading through the left|rightsubnet, it seems like there is no way to
*exclude* a protocol from getting encrypted?

I have a host to host tunnel and I want to encrypt everything between these
except ICMP since I'd like to do out-of-tunnel ping/traceroute.

Prior to using strongswan, I was using racoon where I could use setkey to
manually update the SPD to exclude icmp alone.

Please advise if there is any way to achieve this with strongswan.


Piyush Agarwal
Life can only be understood backwards; but it must be lived forwards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170522/71c04a34/attachment.html>

More information about the Users mailing list