[strongSwan] How to express negation in local_ts/remote_ts?
Glen Huang
heyhgl at gmail.com
Mon Oct 28 07:23:20 CET 2019
I tried it.
Such inverted ts is really huge, and in the charon logs I can see the kernel is adding policies like crazy. The client can wait a long time to connect and eventually time out.
Looks like specifying the inverted ones directly won’t work.
I can probably manually manipulate the routing table on the client to make it connect to these IPs directly, but that won’t work in a locked-down environment like iOS.
I wonder if there is any other way?
> On Oct 27, 2019, at 9:01 PM, Glen Huang <heyhgl at gmail.com> wrote:
>
> Hi,
>
> I wonder if it is possible to directly specify that everything should be tunneled other than 1.0.0.0/8? If not, does manually listing all IPs except for 1.0.0.0/8 sound like the right approach?
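The inverted selector list discussed in this thread can be computed rather than written by hand. The following is an added example, not part of the original messages and not strongSwan code: it uses Python's `ipaddress` module to produce the minimal CIDR set covering everything except the excluded ranges, joined into a comma-separated list of the kind given to `remote_ts`. The function names and the sample exclusion lists are assumptions made for illustration.

```python
import ipaddress


def invert_ts(excluded, universe="0.0.0.0/0"):
    """Return the minimal sorted CIDR list covering universe minus excluded."""
    remaining = [ipaddress.ip_network(universe)]
    for ex in (ipaddress.ip_network(e) for e in excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)  # untouched by this exclusion
            elif net.subnet_of(ex):
                continue  # wholly inside the excluded range, drop it
            else:
                # ex lies inside net: split net into the prefixes around the hole
                kept.extend(net.address_exclude(ex))
        remaining = kept
    # collapse_addresses merges adjacent prefixes and returns them sorted
    return list(ipaddress.collapse_addresses(remaining))


def as_ts_value(networks):
    """Join networks into a comma-separated traffic selector value."""
    return ",".join(str(n) for n in networks)


if __name__ == "__main__":
    # Constructed sample inputs: the single /8 from the thread, then a
    # hypothetical list of three private ranges to show how the count grows.
    for exclusions in (["1.0.0.0/8"],
                       ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]):
        selectors = invert_ts(exclusions)
        print(f"excluding {exclusions}: {len(selectors)} selectors")
        print("  " + as_ts_value(selectors))
```

Printing the selector count before deploying a configuration shows how many prefixes a given exclusion list expands to.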