I understand the remote access VPN configuration guidance requires that proxy ARP be enabled on the internal interface to get the traffic from rightaddresspool machines to leftsubnet addresses off segment, but I'm trying to get a better understanding of why, and if there's any way to tell the right side of the configuration to consult the routing table instead of bouncing all the traffic off the internal interface, which strikes me as inefficient.
Is it a protocol-wide restriction of IPsec VPNs or something specific to the Libreswan implementation?

Thanks,
Scott
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
