But using a script the laptop could find out which is its local subnet and then exempt it from tunnelling. In a script it would be easier to set the passthrough policy using ip xfrm policy add than going via ipsec.conf. You could do this even in an updown script.

Andreas

On 08/26/2011 06:59 PM, Christ Schlacta wrote:
> I read it over, and it looks like I can specify pass policies for
> certain networks. Problem is, I want all of 0.0.0.0/0 to send from my
> laptop to my vpn server and across the internet, except that I want
> whatever the subnet of the laptop is to be handled locally (it's usually
> an arbitrary /24 or /22, and there's no way to know what it will be).
>
> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>> Hello,
>>
>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>> for the local net as shown in the following example scenario:
>>
>> http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>>
>> Regards
>>
>> Andreas

======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
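
A sketch of the updown-script approach suggested in the reply above, as an added example that is not part of the original thread or of strongSwan itself. It assumes IPv4 only, that `PLUTO_INTERFACE` names the LAN interface, and that priority 100 is numerically lower than the tunnel policy's priority (compare with `ip xfrm policy`); `IP_CMD` and `PASS_PRIO` are hypothetical knobs.

```shell
#!/bin/sh
# Added example: exempt the laptop's current local subnet from the tunnel.

# cidr_network ADDR/PLEN: print the enclosing network (10.1.2.3/24 -> 10.1.2.0/24)
cidr_network() {
    addr=${1%/*}; plen=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $plen)) & 4294967295 ))
    net=$(( $ip_int & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$plen"
}

# local_cidr IFACE: first global IPv4 address/prefix on IFACE
# (assumption: the LAN address is listed before any virtual IP)
local_cidr() {
    ${IP_CMD:-ip} -o -4 addr show dev "$1" scope global | awk '{ print $4; exit }'
}

# shunt_local add|delete NET: install or remove template-less (pass) policies
shunt_local() {
    for dir in out in; do
        if [ "$1" = add ]; then
            ${IP_CMD:-ip} xfrm policy add src "$2" dst "$2" dir "$dir" \
                action allow priority "${PASS_PRIO:-100}"
        else
            ${IP_CMD:-ip} xfrm policy delete src "$2" dst "$2" dir "$dir"
        fi
    done
}

# Dispatch on the verb strongSwan passes to updown scripts; no-op otherwise.
case "${PLUTO_VERB:-}" in
    up-client|up-host)     verb=add ;;
    down-client|down-host) verb=delete ;;
    *)                     verb= ;;
esac
if [ -n "$verb" ]; then
    cidr=$(local_cidr "$PLUTO_INTERFACE")
    if [ -n "$cidr" ]; then
        shunt_local "$verb" "$(cidr_network "$cidr")"
    fi
fi
```

Traffic matching the pass policy leaves the laptop unencrypted, so the exempted range should be no wider than the subnet computed from the interface.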
