[Openswan Users] Split-tunneling capability
Ken Bantoft
ken at xelerance.com
Wed Jun 30 03:13:03 CEST 2004
On Mon, 28 Jun 2004, Dan Strohschein wrote:
> Hi guys - first off, AWESOME software. Thank you for your efforts!
> Secondly, I have a strange question.
>
> Say I have a Site To Site VPN connection. What I want to know is: IF
> OpenSwanServer1 receives a packet destined for 10.0.0.1 port 34 it
> passes the packet along the VPN tunnel. ANY other packets destined for
> anywhere else go through the normal internet connection.
>
> Can OpenSwan do this? (I believe it's called "Split-Tunneling")
Yes, you can do per port+protocol combination tunnels.
conn blah
	left=192.168.0.1
	leftid=@left.side.server.com
	leftrsasigkey=...
	right=10.0.0.1
	rightprotoport=6/34
	rightid=@right.side.server.com
	rightrsasigkey=...
	authby=rsasig
	auto=start
Protocol/Ports are done by their IANA assigned numbers:
6  = TCP
17 = UDP
50 = ESP
etc...
So 6/34 is Protocol 6 (TCP), port 34.
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
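
An added example, not part of the message above and not Openswan code: a small Python model of which outbound packets the conn shown would send through the tunnel and which would leave unencrypted. The function names (parse_conn, side_selector, route) are hypothetical. It assumes literal IPv4 addresses, numeric protocol/port values (with %any as the port wildcard), and a host-only selector when no leftsubnet/rightsubnet is given.

```python
import ipaddress

# Constructed sample mirroring the conn in this thread (ids and keys omitted).
SAMPLE_CONF = """\
conn blah
    left=192.168.0.1
    right=10.0.0.1
    rightprotoport=6/34
    authby=rsasig
    auto=start
"""

def parse_conn(text, name):
    """Return the key=value options of one 'conn' section as a dict."""
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line opens a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def side_selector(opts, side):
    """(network, proto, port) for 'left' or 'right'; None means 'any'."""
    # Assumption: without a subnet option the selector is the host itself (/32).
    net = opts.get(side + "subnet") or opts[side] + "/32"
    proto = port = None
    spec = opts.get(side + "protoport")
    if spec:
        p, _, q = spec.partition("/")
        proto = int(p)
        port = None if q in ("", "%any") else int(q)
    return ipaddress.ip_network(net), proto, port

def route(opts, src, dst, proto, sport, dport):
    """'tunnel' if a packet sent from the left side matches the policy, else 'clear'."""
    lnet, lproto, lport = side_selector(opts, "left")
    rnet, rproto, rport = side_selector(opts, "right")
    want_proto = lproto if lproto is not None else rproto
    ok = (ipaddress.ip_address(src) in lnet and ipaddress.ip_address(dst) in rnet
          and want_proto in (None, proto)
          and lport in (None, sport) and rport in (None, dport))
    return "tunnel" if ok else "clear"
```

Running route() over a list of flows you expect to be protected is a quick way to audit a per-port conn: anything it reports as "clear" leaves over the normal internet path unencrypted.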