-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 A passthrough policy always only applies to the local host. It's completely okay to use overlapping subnets, because the tunnel doesn't work like a normal route. It's source AND Destination based routing. If you apply a passthrough policy for local traffic in your LAN, then it will work. The purpose of a passthrough policy is to *explicitely* tell the IPsec stack to *not* do any IPsec processing on certain packets. The use case of Christian is *exactly* what it's for.
- -- Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV6eIXAAoJEDg5KY9j7GZYu/IP/AtkpY7UsCf3fx6nSpCxiBWK ZJJ1Ip2vaHFnUSDdqvYlkj09m1Cumzo5MRoBZ8NrbdBaftsCrBkBCtyhcwYbPnfC ykdqXSH5eQID/BL9qXfYOQhS+llYo1tpW1WgNX4/9mfU/VHpnQ059iWSyO47JxoR IgPPuNtkk2q88LWoG4h3QCdws+XG0ui+AG1WIX9pdQ1hror3+Q19rKBRVsJ3paqJ msx7A3ZaHa62CQ9iq4ruGaVUR+17ZgGg9G80vjapb1mgnvk0yDQycL3cz+ANm4cH HPIZqbc/JvJgcpF1iTVS5ToIrznvXUtaBFIgYLqTqDawyssDe3ly1Jt27+pN0t9V CkPCKljoSHMOnZChhxJRyAo8gRxSmBhbETedt7blBQ8CrNaFGVpZw4K2RE5/nCub MA1wCbqmXl5hcuAyLLYL2izdsXvZtmUeyARBWkVf12J4Z1m4DHl1iMfTgxma/G0n NlTXWXJg7MbaKiPLmmxRn95/rXZoRhTk4ihfiVIKOvBuGIAVBb/u+9NJUax3veHS rNdTs4wLgW28Ey6elyAukWIGSO6m75W9fONsBSYFldQw1Ktz04bqoZbAA57QisF2 ZuE8RV/vD2+yp02/F4b5XS0oELFGh6QDJjVTjaVHRGYno18Eluspz7/4rF357KIk 9FBnWOIWPB1oerb44xWS =n/f1 -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
