[Openswan dev] VPN policie and Protocol selector
Paul Wouters
paul at xelerance.com
Wed Sep 7 17:44:17 CEST 2005
On Tue, 6 Sep 2005, david wrote:
>> >> Write a policy of "type=passthrough" for the other protocols.
>>
>> david> Would this type of policy enable me to not discard the other
>> david> protocols but also to let them pass outside of the VPN ?
>>
>> Yes.
>> If you don't discard them, then they will be forwarded in the clear.
>
> thx michael
>
> This is exactly what I want to do.
>
> But I don't know how to write this policy and where (in ipsec.conf ?)
> Could you give me an example or a URL where I can find it?
something like:
conn pass-all-udp
    left=%defaultroute
    right=%any
    rightsubnet=0.0.0.0/0
    type=passthrough
    leftprotoport=17/%any
    auto=route
(17 is the udp protocol number, see /etc/protocols)
Paul