Am 06.05.2010 09:31, sftf schrieb: > I read page 14. > I'm use Shrew VPN Clinet, not Windows7 native IKEv2 client.
Sure, i'm aware of your setup. I was just trying to point you to that sentence, that windows 7 does not allow split-tunneling, but other clients do - like the shrew client. Anyway as one of the developers just respond on irc with the answer, that there is no support for split-tunneling yet. > When I connect to racoon from Shrew VPN Client, I get routing to both > networks behind gateway; > When I connect to pluto to the same gateway from Shrew VPN Client, I may get > routing to > one network only - one that goes first in leftsubnet=... > So I think this is not problem of Windows7 itself, but "feature" of pluto. > > From http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection > left|rightsubnet = <ip subnet> > ... > Further, IKEv2 supports multiple > subnets separated by commas. IKEv1 only interprets the first subnet of such > a definition. > Are you agree? That is something different to split-tunneling. If i understand split-tunneling correct, you force included split-tunnel networks to go through the vpn-link. Others get routed normally through your regular internet-route. So the split-tunneling option like racoon has it pushing out some routes to the client. the left/rightsubnet setting ist just kind of policy to tell the vpn-concentrator which traffic is allowed to go through the tunnel. I may be wrong with that - never used *swan heavily. Stefan -- Stefan Bauer ----------------------------------------- PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34 -------- plzk.de - Linux - because it works ---------- _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
