Hello listusers,
we are currently trying to divide the traffic so that not all the
traffic goes through the VPN tunnel. We have the following (simplified)
network setup:
  inside                   outside
10.x.x.x -- [IPSec GW] -- Internet
and the following config:
# basic configuration
config setup
        strictcrlpolicy=no
        charonstart=yes
        plutostart=no

conn %default
        keyexchange=ikev2
        leftsubnet=0.0.0.0/0
        leftsourceip=aaa.bbb.ccc.ddd
        rightsourceip=%pool
        mobike=yes

conn rw
        right=%any
        leftcert=cert.pem
        [email protected]
        auto=add
We can connect to the strongSwan IPsec gateway from inside and outside.
In both cases, all of the traffic goes through the IPsec tunnel
(0.0.0.0/0 === virtIP/32).
What I would like to have is:
IPsec tunnels built from inside should have the following traffic
selector: 0.0.0.0/0 === virtIP/32
IPsec tunnels built from outside (Internet) should have the following
traffic selector: aaa.bbb.0.0/16 == virtIP/32
(where aaa.bbb is the internal network)
Is there a way to extend/modify the config to get this behaviour?
Thanks
Peter