[strongSwan] How to express negation in local_ts/remote_ts?
Tobias Brunner
tobias at strongswan.org
Mon Oct 28 10:28:36 CET 2019
Hi Glen,
> Such inverted ts is really huge
Huge? Excluding 1.0.0.0/8 from 0.0.0.0/0 results in eight subnets:
0.0.0.0/8,2.0.0.0/7,4.0.0.0/6,8.0.0.0/5,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/1
I think that should be workable.
> I can probably manually manipulate the routing table on the client to make it connect to these IPs directly, but that won’t work in a locked-down environment like iOS.
>
> I wonder if there is any other way?
Passthrough/bypass policies and routing manipulations are both possible
approaches for certain clients and scenarios, but it really depends.
And as you say, some clients don't provide much flexibility at all.
Regards,
Tobias
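
Added example, not part of the original message and not strongSwan code: a Python sketch that computes the inverted selector list quoted above, generalized to several excluded subnets. The function names `invert_ts` and `to_ts_string` are hypothetical, and the second excluded subnet in the sample run is a constructed value.

```python
import ipaddress


def invert_ts(excluded, base="0.0.0.0/0"):
    """Return the subnets of `base` that are not covered by any network
    in `excluded`, as a sorted list of ip_network objects."""
    remaining = [ipaddress.ip_network(base)]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)            # untouched by this exclusion
            elif net.subnet_of(ex):
                continue                    # entirely excluded, drop it
            else:
                # CIDR blocks that overlap are nested, so here `ex` is a
                # strict subnet of `net`: split `net` around it.
                kept.extend(net.address_exclude(ex))
        remaining = kept
    # Merge adjacent blocks so the selector list stays as short as possible.
    return sorted(ipaddress.collapse_addresses(remaining))


def to_ts_string(networks):
    """Comma-separated form, as the subnets are written in the message."""
    return ",".join(str(n) for n in networks)


if __name__ == "__main__":
    # The case from the message: everything except 1.0.0.0/8.
    print(to_ts_string(invert_ts(["1.0.0.0/8"])))
    # Constructed second case: two excluded subnets.
    print(to_ts_string(invert_ts(["1.0.0.0/8", "10.0.0.0/8"])))
```

Each excluded subnet splits one remaining block into at most as many pieces as the difference in prefix lengths, so the selector list grows slowly when only a few subnets are excluded.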