Hi Paul, <br> In your previous mail, you mentioned to add a "specific passthrough<br>
connection for tcp and udp". I am not clear about this point. <br>Its like we need to policy rule with action as pass through for tcp and udp traffic to go unencrypted in NETKEY.<br>Please correct me If I am wrong.<br>
<font color="#888888">
</font><br><br><div class="gmail_quote">On Mon, Sep 26, 2011 at 11:04 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Mon, 26 Sep 2011, SaRaVanAn wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">
Hi Paul,<br>
I need a clarification on " What configuration I need to do in order to<br>
specify certain traffic has to go through tunnel and remaining traffic<br>
has to go unencrypted(through normal interface)?. Please find my setup<br>
below.<br>
<br></div><div class="im">
I need to encrypt only ICMP data traffic and I don't want to encrypt TCP<br>
traffic. Is there any configuration to specify the traffic type(protocol)<br>
in openswan?<br>
</div></blockquote>
<br>
leftprotoport=icmp ( or use 1/0)<br>
rightprotport=icmp<br>
<br>
Same for ipv6-icmp (or use 58/0)<br>
<br>
dd.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Suppose I have given daddr, saddr and proto as selectors, whether all<br>
these three parameters are checked for an incoming traffic to match IPSec<br>
policy ?<br>
</blockquote>
<br></div>
Yes. However, with NETKEY you might need to add a specific passthrough<br>
connection for tcp and udp.<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br>