[Openswan Users] different flow but one target
david
david2005.p at gmail.com
Mon Aug 29 16:55:52 CEST 2005
Yes, in fact it's a question of power, since one side of the VPN is very light.
So I have got data needing to be encrypted and signaling data which
must be transmitted in clear.
I'm going to test portselectors.
Do you know if it is possible to choose a range of ports for a defined protocol?
rgds
david
2005/8/29, Paul Wouters <paul at xelerance.com>:
> On Mon, 29 Aug 2005, david wrote:
>
> > I've got an openswan VPN between two hosts but I wonder if it is
> > possible to make data transit between them without passing through
> > the VPN (but this one being still up).
> >
> > In fact I would like to be able to send some kind of data via the VPN
> > and some other not via the VPN
>
> That is very difficult, since the VPN policies will be instructed to
> delete all plaintext traffic if an IPsec SA is up. You might be able to
> do it using portselectors, so try and set left and rightprotoport for
> the ports you want encrypted. But I wouldn't be surprised if it still
> dropped all other traffic.
>
> The real question here is why would you want this. Your routers do not have
> enough CPU? What algorithms are you using?
>
> > Maybe something to change in ipsec.conf ?
>
> Nope
>
> Paul
>
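
The portselector suggestion from the quoted reply, written out as an ipsec.conf connection. This is an added example, not from either poster: the connection name, the addresses (documentation range), authby=secret and port 5000 are constructed. As the reply itself cautions, whether traffic outside the selector then passes in clear has to be tested.

```conf
# /etc/ipsec.conf fragment (constructed example values)
conn encrypted-data
    # the two VPN endpoints, host to host
    left=192.0.2.1
    right=192.0.2.2
    authby=secret
    # Port selectors, form: protocol/port. Only traffic matching
    # both selectors falls under this connection's IPsec policy.
    # Here: TCP with port 5000 on the left host, any port on the right.
    leftprotoport=tcp/5000
    rightprotoport=tcp/%any
    auto=start
```

After loading the connection, `ipsec auto --status` shows the negotiated selectors, which is the first thing to check before testing whether the signaling traffic still gets through unencrypted.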