[strongSwan] Isolate clients and force local network traffic to an interface

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Nov 29 19:56:04 CET 2017


Hi,

I can't tell what exactly you want. You can tell if traffic was protected with IPsec by using the iptables policy match module.
You can use a VTI[1], too.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN

On 28.11.2017 20:37, Loc Nguyen wrote:
> Hi,
>
> I created an IPsec network 10.11.0.0/16 and am using dnsmasq to assign IP addresses.
>
> I am able to route all 10.11.0.0/16 network traffic to an interface. I would also like to route local network 10.11.0.0/16 traffic between client and client to that interface too.
>
> I can use iptables FORWARD to block client to client. Instead of blocking, I want the traffic to go to the interface.
>
> Thanks,
>
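
Added example, not part of either message: a dry-run script that prints iptables rules using the policy match module mentioned in the reply, for the 10.11.0.0/16 pool from the question. The chain name `C2C`, the log prefix and the final DROP target are assumptions; the script only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables rules that use the
# "policy" match to tell IPsec-protected traffic from unprotected traffic.
# Assumptions: chain name C2C and the log prefix are made up for illustration.

POOL="10.11.0.0/16"   # virtual IP pool from the question

ipsec_rules() {
    pool="$1"

    # Dedicated chain for client-to-client traffic that arrived through IPsec.
    printf '%s\n' "iptables -N C2C"

    # A packet whose source is in the pool but which was NOT decapsulated
    # from IPsec (--pol none) cannot come from a real client: drop it.
    printf '%s\n' "iptables -A FORWARD -s $pool -m policy --dir in --pol none -j DROP"

    # Pool-to-pool traffic that WAS decapsulated from IPsec (--pol ipsec)
    # is client-to-client traffic; hand it to the dedicated chain.
    printf '%s\n' "iptables -A FORWARD -s $pool -d $pool -m policy --dir in --pol ipsec -j C2C"

    # Log, then block, as the question describes doing in FORWARD.
    printf '%s\n' "iptables -A C2C -j LOG --log-prefix \"c2c-ipsec: \""
    printf '%s\n' "iptables -A C2C -j DROP"
}

# Dry run: show the rules for review.
ipsec_rules "$POOL"
```

To apply the rules after review, pipe the output to `sh` as root.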
