You are correct, "rightsubnet" serves this purpose. Unfortunately IOS devices ignore this setting and route everything over the VPN anyway. They only support split-tunneling via the Unity extension.
This is fixed by enabling the 'Unity' plugin available from 5.0.1. With that plugin enabled the rightsubnet directive works as intended.

Regards,
Peter

On 14/11/12 17:58, kgardenia42 wrote:
> Hi,
>
> If I wanted to *only* tunnel traffic destined for (say) 172.16.32.0/24
> but wanted the (IOS based, IKEv1) clients to send everything else
> direct (not via the VPN tunnel). (I believe this is called
> split-tunneling but maybe that is not correct).
>
> It seems that the mechanics of that should be to push out a route to
> the client which it should tunnel data destined for. I have read the
> manual and am wondering if "rightsubnet" serves this purpose?
> Currently I have this set to 0.0.0.0/0 for my config.
>
> Am I on the right track with rightsubnet or otherwise how should I go
> about this? I just need some rough pointers. Or do I need a plugin
> for this?
>
> Thanks,
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
