On 13.9.2021. 14:08, Tom Smyth wrote: > Can you do an exception for the ranges ... so internet - private ips > you dont want over the tunnel) > > ike esp from 10.90.0.0/24 <http://10.90.0.0/24> to any encrypt > and > > 10.90.0.0/24 <http://10.90.0.0/24> to NOT [networks you dont want > over the tunnel) ? >
:) this was the first thought that i've had ... but i couldn't find how to do it ... at least in man ipsec.conf or isakmpd.conf