<div>Thanks! I think I'm asking this because I have a GRE tunnel on Linux, and Openswan encrypts all traffic in this GRE tunnel.</div><div> </div><div>I think that in Cisco, the ACL is part of the crypto map to give people the option not to encrypt all traffic through the GRE tunnel, just the traffic you want.</div>
<div> </div><div>Maybe I have a fundamentals misunderstanding, but can't you do the same on Linux? Encrypt traffic through a tunnel, like a GRE one, selectively?</div><div> </div><div>BTW, I'm running Scientific Linux 6.</div>
<div> </div><div>Thanks to everyone who is answering!</div><div> </div><div>Brendan<br><br></div><div class="gmail_quote">On Sat, Jul 21, 2012 at 6:47 PM, SilverTip257 <span dir="ltr"><<a href="mailto:silvertip257@gmail.com" target="_blank">silvertip257@gmail.com</a>></span> wrote:<br>
<blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote">I don't know if this is what you want or need to do, but I'll throw<br>
the idea out here.<br>
<br>
You could use iptables on your Linux host to DNAT [0] certain traffic<br>
and sending it across your IPSec tunnel.<br>
-j DNAT --to-destination X.X.X.X:Y<br>
<br>
** I can't vouch that this will work properly as I've not tried it.<br>
If you decide to give it a shot I'd appreciate hearing if it works.<br>
<br>
[0] <a href="http://linux-ip.net/html/nat-dnat.html" target="_blank">http://linux-ip.net/html/nat-dnat.html</a><br>
<br>
---~~.~~---<br>
Mike<br>
// SilverTip257 //<br>
<br>
<br>
On Sat, Jul 21, 2012 at 11:40 AM, Brendan Choi <<a href="mailto:bchoi9999@gmail.com">bchoi9999@gmail.com</a>> wrote:<br>
> What is the Openswan equivalent to Cisco IOS's "interesting traffic"?<br>
><br>
> I have Linux Openswan working with a Cisco router. I would like to give<br>
> Openswan the precise IP and TCP traffic I want encrypted, just like with a<br>
> Cisco ACL.<br>
><br>
> Seems the closest thing is "leftsubnets" and "rightsubnets". I'm new to<br>
> Openswan, so please enlighten me. Thanks!<br>
><br>
><br>
> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
><br>
</blockquote></div><br>