[strongSwan] Use tunnel to ocassionally proxy internet traffic

[Tobias Brunner]

Hi Tobias,

> I could nail down the tunnel traffic by adding just the 192.168.200.1/24
> as remote/right network on the Draytek config, but then I am not able to
> process the occasional traffic to the internet (if routing from a
> certain source via the tunnel is enabled on the Draytek) without a lot
> of manual modifications (iptables, ip xfrm policies).

Correct, you'll only be able to tunnel traffic that matches the traffic
selectors/IPsec policies.  If you don't know what traffic that is
beforehand, you might want to look into route-based VPNs [1], where the
traffic selectors are 0.0.0.0/0 on both ends and tunneled traffic is
determined via routing.  You then just have to avoid that the Draytek
router automatically routes everything via VPN if such traffic selectors
are negotiated.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN