Charon supports traffic selector narrowing. It does what the name implies (narrows the locally configured TS and the remote TS down to a common TS, if possible). Otherwise, it rejects the client and sends it an error.
However, you need to make sure that you can actually configure the client to send a narrowed TS or enable charon to tell apart full-tunnel and split-tunnel clients.

OpenVPN doesn't implement IPsec, so I don't understand how this is relevant here.

If you want any actual help regarding your specific problem, we require full configuration and logs of both sides.

On 28.02.2017 23:00, Aanand Ramachandran wrote:
> Hi - would appreciate it if someone can help me with this question.
>
> ------------------------------------------------------------------------
> *From:* Aanand Ramachandran <[email protected]>
> *Sent:* Sunday, February 26, 2017 11:06:18 PM
> *To:* [email protected]
> *Subject:* Traffic Selectors
>
> Hi - per this article I should be able to achieve split-tunnel on a
> Strongswan client by configuring the right TS subnets on the server. The
> article explains that clients most of the time send 0.0.0.0, so the server
> can be configured (/leftsubnet/ parameter) to send back those subnets that
> can be accessed over the VPN connection.
>
> https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
>
> However, this doesn't seem to work on Android OpenVPN. In spite of configuring
> the right traffic selector on the server all traffic from the client is sent
> to the VPN interface.
>
> Can you help me out with this?
>
> thanks,
>
> Aanand
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

--
Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
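The narrowing behaviour described in the reply above, as an added sketch that is not part of the original thread and is not strongSwan code: the responder intersects the selectors the peer proposes with its configured ones and answers with the common set, or with the IKEv2 `TS_UNACCEPTABLE` notify when there is none. Assumptions: selectors are reduced to CIDR subnets (real selectors also carry protocol and port ranges), the `ACCEPTED`/`NARROWED` labels and function names are hypothetical, and the subnet values are constructed.

```python
import ipaddress

def narrow(proposed, configured):
    """Intersect peer-proposed selectors with locally configured ones.

    Two CIDR networks either nest or are disjoint, so the common part of a
    pair is simply the smaller network when one contains the other.
    """
    common = []
    for p in map(ipaddress.ip_network, proposed):
        for c in map(ipaddress.ip_network, configured):
            if p.version != c.version:
                continue  # an IPv4 selector never matches an IPv6 one
            if p.subnet_of(c):
                hit = p
            elif c.subnet_of(p):
                hit = c
            else:
                continue
            if hit not in common:
                common.append(hit)
    return common

def respond(proposed, configured):
    """Responder's answer for one selector set: (status, selectors)."""
    common = narrow(proposed, configured)
    if not common:
        # No overlap at all: the peer is rejected with an error notify.
        return "TS_UNACCEPTABLE", []
    requested = [ipaddress.ip_network(p) for p in proposed]
    status = "ACCEPTED" if common == requested else "NARROWED"
    return status, [str(n) for n in common]

# Constructed server-side selector list (what leftsubnet would hold).
SERVER_LEFTSUBNET = ["10.1.0.0/16", "192.168.50.0/24"]

if __name__ == "__main__":
    # Full-tunnel proposal, already-narrow proposal, non-overlapping proposal.
    for ts in (["0.0.0.0/0"], ["10.1.2.0/24"], ["172.16.0.0/12"]):
        print(ts, "->", respond(ts, SERVER_LEFTSUBNET))
```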
