[strongSwan] strongswan doesn't route traffic

Tobias Brunner tobias at strongswan.org
Thu Sep 12 09:02:19 CEST 2019


> I think options like local_ts, remote_ts should be fine by default.

Not if you want to tunnel all traffic to your server.  Set
`local_ts=` if that's the case.  Regarding forwarding traffic
see [1].

> I grabbed it from strongswan's git
> repository because it's not with Arch's package.

It is, the path is /usr/lib/strongswan/_updown.  Also, the default
script has a very specific purpose (installing firewall rules for
tunneled traffic if a default DROP policy is used for FORWARD), which
you might not actually need, depending on your firewall configuration.



More information about the Users mailing list