Hello Martin, Thank you for answer. By which way the priority of a policy can be specified into 'ipsec.conf' file? Can you please confirm that the line "rightsubnet=%any" should be replaced by "rightsubnet=0.0.0.0/0"? More exactly, which will be the correct 'ipsec.conf' for my example? Thank you Mugur
-----Original Message----- From: Martin Willi [mailto:[email protected]] Sent: mardi 19 janvier 2010 11:37 To: ABULIUS, MUGUR (MUGUR) Cc: [email protected]; SCARAZZINI, FABRICE (FABRICE); ROSSI, MICHEL MR (MICHEL); Salvarani, Alexandro (Alex); Pisano, Stephen G (Stephen) Subject: Re: [strongSwan] Narrowing TS for a specific host Hi, > conn to-WORLD-unless-HOST1and2 There is no way to exclude specific hosts from a TS. But if you have multiple tunnels, more specific ones match with a higher priority. > rightsubnet=0.0.0.0/0 includes all traffic. If a another tunnel is up to a specific IP, that policy should have a higher priority and it is used for this target address. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
