On Thu, Nov 15, 2012 at 7:55 AM, Peter van Liesdonk <[email protected]> wrote: > You are correct, "rightsubnet" serves this purpose. > Unfortunately IOS devices ignore this setting and route everything over > the VPN anyway. > They only support split-tunneling via the Unity extension. > > This is fixed by enabling the 'Unity' plugin available from 5.0.1 > With that plugin enabled the rightsubnet directive works as intended.
Peter, thanks for your reply. This is great information. Thanks. > > On 14/11/12 17:58, kgardenia42 wrote: >> Hi, >> >> If I wanted to *only* tunnel traffic destined for (say) 172.16.32.0/24 >> but wanted the (IOS based, IKEv1) clients to send everything else >> direct (not via the VPN tunnel). (I believe this is called >> split-tunneling but maybe that is not correct). >> >> It seems that the mechanics of that should be to push out a route to >> the client which it should tunnel data destined for. I have read the >> manual and am wondering if "rightsubnet" serves this purpose? >> Currently I have this set to 0.0.0.0/0 for my config. >> >> Am I on the right track with rightsubnet or otherwise how should i go >> about this? I just need some rough pointers. Or do I need a plugin >> for this? >> >> Thanks, >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users >> >> > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
