Perhaps I’m too lazy but as I mentioned earlier, the main idea is to route all traffic (0.0.0.0/0) through the tunnel and then passthrough is the only option possible ;-)
Kind regards Christian > On 04 Sep 2015, at 20:32, Noel Kuntze <[email protected]> wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > It doesn't get passed through a tunnel. > Christian's networks use distinct subnets, but they are all in the > 10.1.0.0/16 range. > He uses 10.1.13.0/24 in the "local" part of the tunnel, but *all* the other > subnets of 10.1.0.0/16 are on the remote side. > Of course, he could define CHILD_SAs for every subnet in use on the other > side, but I figure he's too lazy for that. > > - -- > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJV6ePXAAoJEDg5KY9j7GZYz1kP/jvRJqZlTTmJ4mlHyWXyeqtZ > UNBeKaZAft/ZdBP9tKZAYuv4P/YjUD2Dgq5l35aZbqZloV4ZMuj5AIm7b4Sslose > VmRhONB2H7um7bjLapZtG4/w8ELRMZIex3T7Jep0+rXQAudRQuaxLDQAk0mSYBrD > 3KtW12n9g17DrGcHAO7XlmM4FG/TgUeIN/Y6ZPpbPN/fYGFCNDo8pMHhG6DaMW/N > LtpgeygKzpyXkIQu6E46jdjIT7iyc34+tFOnnJtn7+oPi/vKU9+z8JNYb8A/BdhI > sJn7n4riZiJpaQGrfgdMFrYcZ1nW9aSaV6YW/qa4HcUqfRmBvsDDduIHBTKmlgcT > n7mLTJ++HzLStZ4sHljdoY6cFjO+zUpaIkgaWJrOa0mKcyEUyOVRcB0/cgv/i2rl > 5irI56M6w664ZSYVsl1jpOWmqbfUO3RF4fU5xE1TLEwImlR4kSPFUU0gsQpdKsws > eY7ZGBCN5qLmOHDOgs9zkIzaLVATova+PpjuPAzkkj4EO0ldN9s51aka5mnsq+xY > norqd8myD0nNguC8L+tYLafXuR0ldRrhLiti8BSA2I0g01bjRWdwSgntaCVLtwvL > DjCgaKOfWBgQWE0TcQUR//myuaeR3R6tKOALd48t/RFP6kaQ3lCcE/3qc2nl4+zq > dnqP+YXetzNl3+HCwWB2 > =D7Ni > -----END PGP SIGNATURE----- > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
