<p>Dear list,</p>
<p>I believe I sent this email some time earlier, but wasn't experienced enough with OpenSwan to state what I need.</p>
<p>Allow me to throw out a short history and what I plan to achieve in the future.</p>
<p>We all know that some countries block certain websites, services etc... In my case it's VoIP being disabled in some countries. Now, to bypass this, I had to have some sort of VPN. I went first with the OpenVPN option and already have that running without issues. The problem came when my needs were directed towards mobile devices; iPhone and Android.</p>
<p>OpenVPN on these devices will install and run without issues, but will require a certain level of technical knowledge from the user. Given I'm deploying this to a wide number of corporate users, I can't educate them all and work out certificates for every device. Besides, OpenVPN requires jailbroken iPhones and rooted Androids (except for 4.0+).</p>
<p>My current option, of course, would be OpenSwan; L2TP/IPsec, which is natively available in every handset running these OSes.</p>
<p>What I'm required to have is the following simple diagram:</p>
<p>(Mobile Users with dynamic IPs) --> (VPN Server somewhere in the world running L2TP/IPsec) --> (VoIP servers in London, NY and others)</p>
<p>The idea of a VPN server in this case is not a method for users to connect to office resources (local network), but rather a WAN gateway. Meaning, users would dial in, and automatically direct their VoIP traffic (only) to the VPN gateway, and from there to the VoIP servers. Thankfully I've been able to do this, and things are running without issues.</p>
<p>However (there's always that :) ), I have a few concerns:</p>
<p>- First of all, has anyone done that actually? I'd really love to know how people usually get this working<br>
- When it comes to iPhone (not very sure about Android, but I think this isn't the case), there's only one option to activate or deactivate, and that's "Send all traffic".</p>
<p>Since I come from an OpenVPN background, I'd like to force users to send traffic to IP X.X.X.X (for example) only through the VPN tunnel, and the rest through the device's default gateway. Is there some way to configure OpenSwan to do so? I have an idea to redirect traffic via iptables by sending back an ICMP message, but I'm not sure about the idea, as this will cause a lot of network traffic.</p>
<p>I know I've written a lot, but would really appreciate all the help I could get here :-) </p>
<p>Thanks<br>
//M<br>
</p>