[Openswan Users] different flow but one target
Paul Wouters
paul at xelerance.com
Mon Aug 29 15:50:28 CEST 2005
On Mon, 29 Aug 2005, david wrote:
> I ve got an openswan VPN between two hosts but I wonder if it is
> possible to make data transit between them without passing through
> the VPN (but this one being still up).
>
> In fact I would like to be able to send some kind of data via the VPN
> and some other not via the VPN
That is very difficult, since the VPN policies will be instructed to
delete all plaintext traffic if an IPsec SA is up. You might be able to
do it using portselectors, so try and set left and rightprotoport for
the ports you want encrypted. But I wouldn't be surprised if it still
dropped all other traffic.
The real question here is why would you want this. Your routers do not have
enough CPU? What algorithms are you using?
> Maybe something to change in ipsec.conf ?
Nope
Paul
More information about the Users
mailing list