> My problem is that my intent is blacklist which means I have a list of subnets that I want to route through VPN and the rest not. Am I able to do that?
If you want to send only traffic to a specific list of subnets through the VPN tunnel and the rest not then just define these subnets in leftsubnet, e.g. leftsubnet=10.0.2.0/24,10.0.5.0/24,10.1.0.0/16, on the server. The client proposes 0.0.0.0/0 which gets narrowed to that list.

If what you wrote above is not entirely accurate and you actually do **not** want to tunnel traffic to a specific list of subnets but all other traffic, then you'd have to list the inverse list of subnets (which could get quite long). For instance, if you want to tunnel all traffic (0.0.0.0/0) except that to private address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) then you'd define:

leftsubnet=0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3

Regards,
Tobias

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
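The inverse list in the reply above is tedious and error-prone to derive by hand, so here is an added example (not part of the mailing-list thread and not strongSwan's own code) that computes it with Python's standard ipaddress module and checks the result against the list Tobias posted. The names RFC1918, complement, leftsubnet_value and narrow are this example's own; narrow is a deliberately simplified model of IKEv2 traffic-selector narrowing (keep the smaller prefix of each overlapping pair), used only to illustrate how a client's 0.0.0.0/0 proposal is reduced to the server's configured list, and it is not how the strongSwan daemon implements narrowing.

```python
import ipaddress

# Constructed input for this example: the private ranges to keep OUT of the tunnel.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def complement(universe, excluded):
    """Return the minimal, sorted list of CIDR prefixes that cover
    `universe` minus every network in `excluded`.

    Each exclusion is carved out of whichever remaining prefix contains it;
    prefixes lying entirely inside an exclusion are dropped; disjoint
    prefixes are kept as they are.
    """
    remaining = [ipaddress.ip_network(universe)]
    for ex in map(ipaddress.ip_network, excluded):
        carved = []
        for net in remaining:
            if ex.subnet_of(net):
                # address_exclude yields the pieces of `net` not covered by `ex`
                # (and yields nothing when `ex` equals `net`)
                carved.extend(net.address_exclude(ex))
            elif net.subnet_of(ex):
                continue            # fully inside the exclusion: drop it
            else:
                carved.append(net)  # disjoint: keep unchanged
        remaining = carved
    # collapse_addresses merges any adjacent pieces that form a larger prefix
    return sorted(ipaddress.collapse_addresses(remaining))


def leftsubnet_value(universe, excluded):
    """Format the complement as a comma-separated leftsubnet= value."""
    return ",".join(str(n) for n in complement(universe, excluded))


def narrow(proposed, configured):
    """Simplified model (this example's own, not strongSwan's code) of IKEv2
    traffic-selector narrowing: intersect the client's proposed selectors
    with the server's configured ones, keeping the smaller prefix of each
    overlapping pair.  Returns a sorted list of networks."""
    result = set()
    for p in map(ipaddress.ip_network, proposed):
        for c in map(ipaddress.ip_network, configured):
            if p.subnet_of(c):
                result.add(p)
            elif c.subnet_of(p):
                result.add(c)
    return sorted(result)


if __name__ == "__main__":
    value = leftsubnet_value("0.0.0.0/0", RFC1918)
    print("leftsubnet=" + value)
    print(len(value.split(",")), "prefixes")

    # A client proposing 0.0.0.0/0 is narrowed to exactly the configured list ...
    narrowed = narrow(["0.0.0.0/0"], value.split(","))
    assert [str(n) for n in narrowed] == value.split(",")
    # ... and traffic to a private subnet matches no selector at all.
    assert narrow(["10.1.2.0/24"], value.split(",")) == []
```

Running the block prints the 31-prefix leftsubnet value from the reply above. The two assertions at the bottom show the operational consequence of the inverse list: a client proposing 0.0.0.0/0 is narrowed to all 31 prefixes, while a private destination such as 10.1.2.0/24 falls outside every selector and therefore never enters the tunnel.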
