[Openswan Users] different flow but one target

david david2005.p at gmail.com
Wed Aug 31 16:17:48 CEST 2005


2005/8/29, Paul Wouters <paul at xelerance.com>:
> On Mon, 29 Aug 2005, david wrote:
> 
> > I've got an Openswan VPN between two hosts, but I wonder if it is
> > possible to make data transit between them without passing through
> > the VPN (but this one being still up).
> >
> > In fact I would like to be able to send some kind of data via the VPN
> > and some other not via the VPN
> 
> That is very difficult, since the VPN policies will be instructed to
> delete all plaintext traffic if an IPsec SA is up. You might be able to
> do it using portselectors, so try and set left and rightprotoport for
> the ports you want encrypted. But I wouldn't be surprised if it still
> dropped all other traffic.
> 
> The real question here is why would you want this. Your routers do not have
> enough CPU? What algorithms are you using?
> 
> > Maybe something to change in ipsec.conf ?
> 
> Nope
> 
> Paul
> 
Yes, when I make right(and left)protoport:icmp, only this protocol can
be used to reach the other end of the VPN.
All other protocols are discarded.

So can this VPN policy be changed?
If yes, how?
Maybe a dev way?

rgds
david

