[Openswan Users] IPv4/IPv6 tunneling based on traffic selection

SaRaVanAn saravanan.nagarajan87 at gmail.com
Mon Sep 26 09:11:35 EDT 2011

Hi Paul,
  I need a clarification on " What configuration I need to do in order to
specify certain traffic has to go through tunnel and remaining traffic has
to go unencrypted(through normal interface)?. Please find my setup below.


I need to encrypt only ICMP data traffic and I don't want to encrypt TCP
traffic. Is there any configuration to specify the traffic type(protocol) in

I have gone through the openswan code. what is the purpose of this

struct xfrm_selector
    xfrm_address_t    daddr;
    xfrm_address_t    saddr;
    uint16_t    dport;
    uint16_t    dport_mask;
    uint16_t    sport;
    uint16_t    sport_mask;
    uint16_t    family;
    uint8_t        prefixlen_d;
    uint8_t        prefixlen_s;
    uint8_t        proto;
    int        ifindex;
    uid_t        user;

Whether filling this structure serves the purpose I have asked above.  If it
serves my purpose,  I have one more question.
Suppose I have given daddr, saddr and proto as selectors, whether all these
three parameters are checked for an incoming traffic to match IPSec policy ?

Saravanan N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110926/c474a9ea/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 15536 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20110926/c474a9ea/attachment.jpe 

More information about the Users mailing list