Aah, I don't think that will work then. My remote endpoints are all Windows 7 machines right now, using the Windows 7 IKEv2 VPN endpoint client. If there's nothing akin to leftsubnet=0.0.0.0/0!rightnativesubnet that will tell the client specifically to route everything except the native subnet, and is standards compliant enough for Win7, then I think I'm just going to have to deal for now :)

On 8/26/2011 11:15, Andreas Steffen wrote:
> But using a script the laptop could find out which is its local
> subnet and then exempt it from tunnelling. In a script it would be
> easier to set the passthrough policy using ip xfrm policy add
> than going via ipsec.conf. You could do this even in an updown script.
>
> Andreas
>
> On 08/26/2011 06:59 PM, Christ Schlacta wrote:
>> I read it over, and it looks like I can specify pass policies for
>> certain networks. Problem is, I want all of 0.0.0.0/0 to send from my
>> laptop to my vpn server and across the internet, except that I want
>> whatever the subnet of the laptop is to be handled locally (it's usually
>> an arbitrary /24 or /22, and there's no way to know what it will be).
>>
>> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>>> Hello,
>>>
>>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>>> for the local net as shown in the following example scenario:
>>>
>>> http://www.strongswan.org/uml/testresults/ikev2/shunt-policies/
>>>
>>> Regards
>>>
>>> Andreas
> ======================================================================
> Andreas Steffen [email protected]
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
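
The updown-script approach suggested in the quoted reply, written for a Linux strongSwan client as an added example that is not code from the thread or from strongSwan. It reads the address on `PLUTO_INTERFACE`, derives the local IPv4 subnet and installs pass policies with `ip xfrm policy add`; the `PASS_PRIO` value, the `DRY_RUN` switch and the function names are assumptions.

```sh
#!/bin/sh
# Added example: updown helper that exempts the client's current local
# IPv4 subnet from the tunnel by installing xfrm pass policies.
# Assumed: hooked in via leftupdown=, PASS_PRIO value, DRY_RUN switch.
PASS_PRIO=${PASS_PRIO:-100}   # assumed; must be numerically lower than the tunnel policy

# network_of ADDR/PLEN -> network CIDR, e.g. 192.168.1.57/24 -> 192.168.1.0/24
network_of() {
    addr=${1%/*}; plen=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    net=$(( ip_int & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$plen"
}

# first_cidr: reads `ip -o -4 addr show dev IFACE` output on stdin and
# prints the first ADDR/PLEN it contains.
first_cidr() {
    awk '$3 == "inet" { print $4; exit }'
}

# apply_pass add|delete NET: install or remove pass policies for NET in
# all three directions. With DRY_RUN set, the commands are only printed.
apply_pass() {
    for dir in out in fwd; do
        if [ "$1" = add ]; then
            ${DRY_RUN:+echo} ip xfrm policy add src "$2" dst "$2" dir "$dir" \
                action allow priority "$PASS_PRIO"
        else
            ${DRY_RUN:+echo} ip xfrm policy delete src "$2" dst "$2" dir "$dir"
        fi
    done
}

# strongSwan exports PLUTO_VERB and PLUTO_INTERFACE to updown scripts.
case "${PLUTO_VERB:-}" in
    up-host|up-client|down-host|down-client)
        cidr=$(ip -o -4 addr show dev "$PLUTO_INTERFACE" | first_cidr)
        [ -n "$cidr" ] || exit 0          # no IPv4 address: nothing to exempt
        net=$(network_of "$cidr")
        case "$PLUTO_VERB" in
            up-*)   apply_pass add "$net" ;;
            down-*) apply_pass delete "$net" ;;
        esac ;;
esac
```

Running it with `DRY_RUN=1` and the `PLUTO_*` variables set by hand prints the `ip xfrm policy` commands without changing kernel state. The script only manages xfrm policies and does not touch routes.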
