My bad, typo. What I want is the latter. Sounds not fun, because my list has about 900 items. A reverse would be quite hard to get.
Andy

On Dec 18, 2014 7:20 PM, "Tobias Brunner" <[email protected]> wrote:
>
> > My problem is that my intent is blacklist which means I have a list of
> > subnets that I want to route through VPN and the rest not. Am I able to
> > do that?
>
> If you want to send only traffic to a specific list of subnets through
> the VPN tunnel and the rest not then just define these subnets in
> leftsubnet, e.g. leftsubnet=10.0.2.0/24,10.0.5.0/24,10.1.0.0/16, on the
> server. The client proposes 0.0.0.0/0 which gets narrowed to that list.
>
> If what you wrote above is not entirely accurate and you actually do
> **not** want to tunnel traffic to a specific list of subnets but all
> other traffic, then you'd have to list the inverse list of subnets
> (which could get quite long). For instance, if you want to tunnel all
> traffic (0.0.0.0/0) except that to private address ranges (10.0.0.0/8,
> 172.16.0.0/12, 192.168.0.0/16) then you'd define:
>
>
> leftsubnet=
> 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3
>
> Regards,
> Tobias
>
>
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
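The inverse list discussed in this thread can be generated rather than written by hand. The following is an added example, not part of the original messages or of strongSwan; the names `inverse_subnets`, `leftsubnet_line` and `PRIVATE` are hypothetical. It computes the minimal set of CIDR blocks covering 0.0.0.0/0 minus an exclusion list, and for the three private ranges it yields the same `leftsubnet` value quoted above.

```python
import ipaddress


def inverse_subnets(excluded, universe="0.0.0.0/0"):
    """Return the sorted, minimal CIDR list covering `universe` minus `excluded`.

    `excluded` is an iterable of CIDR strings. Entries with host bits set
    (e.g. 10.0.0.1/8) raise ValueError, so typos in a long list surface early.
    """
    remaining = [ipaddress.ip_network(universe)]
    # Collapse first so duplicate or overlapping exclusions are processed once.
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in excluded)
    for excl in nets:
        next_remaining = []
        for net in remaining:
            if excl.subnet_of(net):
                # Split `net` into the blocks that surround the excluded range.
                next_remaining.extend(net.address_exclude(excl))
            elif not net.subnet_of(excl):
                # Disjoint from the exclusion: keep unchanged.
                next_remaining.append(net)
            # Otherwise `net` lies wholly inside the exclusion and is dropped.
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def leftsubnet_line(excluded):
    """Format the inverse list as a single leftsubnet= configuration line."""
    return "leftsubnet=" + ",".join(str(n) for n in inverse_subnets(excluded))


# The private ranges used as the example in the quoted reply.
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

if __name__ == "__main__":
    print(leftsubnet_line(PRIVATE))
```

For a list of about 900 subnets, feed the entries in from a file, one CIDR per line, and check the length of the resulting line before putting it into the configuration.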
