[Openswan Users] Split-tunneling capability

Ken Bantoft ken at xelerance.com
Wed Jun 30 03:13:03 CEST 2004


On Mon, 28 Jun 2004, Dan Strohschein wrote:

> Hi guys - first off, AWESOME software. Thank you for your efforts!
> Secondly, I have a strange question.
> 
> Say I have a Site To Site VPN connection. What I want to know is: IF
> OpenSwanServer1 receives a packet destined for 10.0.0.1 port 34 it
> passes the packet along the VPN tunnel. ANY other packets destined for
> anywhere else go through the normal internet connection.
> 
> Can OpenSwan do this? (I believe it's called "Split-Tunneling")

Yes, you can do per port+protocol combination tunnels.

conn blah
	left=192.168.0.1
	leftid=@left.side.server.com
	leftrsasigkey=...
	right=10.0.0.1
	rightprotoport=6/34
	rightid=@right.side.server.com
	rightrsasigkey=...
	authby=rsasig
	auto=start

Protocol/Ports are done by their IANA assigned numbers:

6 = TCP
17 = UDP
50 = ESP
etc...

so 6/34 is Protocol 6 (TCP), port 34.



-- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson
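
Added example, not part of the message above and not Openswan code: a simplified Python model of the traffic selector that the conn in the reply defines, showing which left-to-right packets fall inside the tunnel and which take the normal route. It assumes the numeric proto/port form used in the post and that, with no rightsubnet set, the selector covers only the right host itself; parse_conns, parse_protoport and is_tunneled are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the conn from the post, without the elided key/id lines.
SAMPLE_CONF = """\
conn blah
\tleft=192.168.0.1
\tright=10.0.0.1
\trightprotoport=6/34
\tauthby=rsasig
\tauto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header starts at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def parse_protoport(value):
    """'6/34' -> (6, 34); '17' -> (17, None); missing -> (None, None)."""
    if not value:
        return None, None
    proto, _, port = value.partition("/")
    proto, port = int(proto), (int(port) if port else None)
    if not 0 <= proto <= 255 or (port is not None and not 0 <= port <= 65535):
        raise ValueError(f"protoport out of range: {value!r}")
    return proto, port

def is_tunneled(conn, src, dst, proto, dport):
    """True if a left-to-right packet matches the conn's selector."""
    if ipaddress.ip_address(src) != ipaddress.ip_address(conn["left"]):
        return False
    if ipaddress.ip_address(dst) != ipaddress.ip_address(conn["right"]):
        return False
    want_proto, want_port = parse_protoport(conn.get("rightprotoport"))
    if want_proto is not None and proto != want_proto:
        return False
    return want_port is None or dport == want_port

BLAH = parse_conns(SAMPLE_CONF)["blah"]
```

Dropping rightprotoport from the parsed conn makes every protocol and port between the two hosts match, which is the difference the port selector makes.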