Noel is right in this case. I set up something similar with openswan some time ago. I do not want to route my local network traffic through the tunnel. Therefore I need a passthrough connection. Perhaps you misunderstood that…
@Noel: I will later search the bug database and if needed fill a bug report. Kind regards Christian Hanster > On 04 Sep 2015, at 20:28, Randy Wyatt <[email protected]> wrote: > > Then why would a passthrough be passed the tunnel. Passthrough policies > are for the local lan only. I will wait for more of an expert to comment. > I am willing to accept if I am wrong. > > On Fri, Sep 4, 2015 at 11:25 AM, Noel Kuntze <[email protected] > <mailto:[email protected]>> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > A passthrough policy always only applies to the local host. > It's completely okay to use overlapping subnets, because the tunnel doesn't > work like a normal route. > It's source AND Destination based routing. If you apply a passthrough policy > for local traffic in your LAN, then it will work. > The purpose of a passthrough policy is to *explicitely* tell the IPsec stack > to *not* do any IPsec processing on certain packets. > The use case of Christian is *exactly* what it's for. > > - -- > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJV6eIXAAoJEDg5KY9j7GZYu/IP/AtkpY7UsCf3fx6nSpCxiBWK > ZJJ1Ip2vaHFnUSDdqvYlkj09m1Cumzo5MRoBZ8NrbdBaftsCrBkBCtyhcwYbPnfC > ykdqXSH5eQID/BL9qXfYOQhS+llYo1tpW1WgNX4/9mfU/VHpnQ059iWSyO47JxoR > IgPPuNtkk2q88LWoG4h3QCdws+XG0ui+AG1WIX9pdQ1hror3+Q19rKBRVsJ3paqJ > msx7A3ZaHa62CQ9iq4ruGaVUR+17ZgGg9G80vjapb1mgnvk0yDQycL3cz+ANm4cH > HPIZqbc/JvJgcpF1iTVS5ToIrznvXUtaBFIgYLqTqDawyssDe3ly1Jt27+pN0t9V > CkPCKljoSHMOnZChhxJRyAo8gRxSmBhbETedt7blBQ8CrNaFGVpZw4K2RE5/nCub > MA1wCbqmXl5hcuAyLLYL2izdsXvZtmUeyARBWkVf12J4Z1m4DHl1iMfTgxma/G0n > NlTXWXJg7MbaKiPLmmxRn95/rXZoRhTk4ihfiVIKOvBuGIAVBb/u+9NJUax3veHS > rNdTs4wLgW28Ey6elyAukWIGSO6m75W9fONsBSYFldQw1Ktz04bqoZbAA57QisF2 > ZuE8RV/vD2+yp02/F4b5XS0oELFGh6QDJjVTjaVHRGYno18Eluspz7/4rF357KIk > 9FBnWOIWPB1oerb44xWS > =n/f1 > -----END PGP SIGNATURE----- > > > > > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
