subject:"\[strongSwan\] How to set local_ts to exclude one special ip in a subnet\?"

[strongSwan] How to set local_ts to exclude one special ip in a subnet?

2017-08-31 Thread nfel

I have read the wiki about swanctl.conf, but have not found a good solution.
e.g. I have a subnet 172.22.0.0/16, and a special ip 172.22.22.22 who does not 
want to run into ipsec tunnel.
Does StrongSwan support '-'?
like this:
local_ts = 172.22.0.1-172.22.22.21,172.22.22.23-172.22.255.255
Is there any easy way?

Thx~

Re: [strongSwan] How to set local_ts to exclude one special ip in a subnet?

2017-08-31 Thread Tobias Brunner

Hi,

> Is there any easy way?

Define a passthrough policy for that IP (mode=pass).

Regards,
Tobias

[strongSwan] How to set local_ts to exclude one special ip in a subnet?

2017-08-31 Thread nfel

I have read the wiki about swanctl.conf, but have not found a good solution.
e.g. I have a subnet 172.22.0.0/16, and a special ip 172.22.22.22 who does not 
want to run into ipsec tunnel.
Does StrongSwan support '-'?
like this:
local_ts = 172.22.0.1-172.22.22.21,172.22.22.23-172.22.255.255
Is there any easy way?

Thx~