[Openswan Users] different flow but one target
david
david2005.p at gmail.com
Wed Aug 31 16:17:48 CEST 2005
2005/8/29, Paul Wouters <paul at xelerance.com>:
> On Mon, 29 Aug 2005, david wrote:
>
> > I've got an openswan VPN between two hosts but I wonder if it is
> > possible to make data transit between them without passing through
> > the VPN (but this one being still up).
> >
> > In fact I would like to be able to send some kind of data via the VPN
> > and some other not via the VPN.
>
> That is very difficult, since the VPN policies will be instructed to
> delete all plaintext traffic if an IPsec SA is up. You might be able to
> do it using portselectors, so try and set left and rightprotoport for
> the ports you want encrypted. But I wouldn't be surprised if it still
> dropped all other traffic.
>
> The real question here is why would you want this. Your routers do not have
> enough CPU? What algorithms are you using?
>
> > Maybe something to change in ipsec.conf ?
>
> Nope
>
> Paul
>
Yes, when I make right(and left)protoport:icmp, only this protocol can
be used to reach the other end of the VPN.
All other protocols are discarded.
So can this VPN policy be changed?
If yes, how?
Maybe a dev way?
rgds
david