My understanding is that only traffic towards the subnets declared in
rightsubnet is tunnelled and, therefore, encrypted, whereas traffic
towards the IP address of the remote gateway declared in right is
routed outside of the tunnel.
Example:
Gateway Sun address (WAN-facing): 120.121.122.123 (fictitious)
Subnet behind Sun eth1 (LAN-facing): 192.168.90.0/24
Traffic with a destination IP of 192.168.90.1 is tunnelled.
But SMTP traffic with a destination IP of 120.121.122.123 is not
tunnelled.
In the Cisco world it's apparently possible to tunnel non-IPsec traffic
towards the remote gateway public IP address.
Can strongSwan do this as well?
Tiago
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users