[Openswan Users] IPv4/IPv6 tunneling based on traffic selection

Paul Wouters paul at xelerance.com
Mon Sep 26 13:34:13 EDT 2011

On Mon, 26 Sep 2011, SaRaVanAn wrote:

> Hi Paul,
>   I need a clarification on " What configuration I need to do in order to
> specify certain traffic has to go through tunnel and remaining traffic
> has to go unencrypted(through normal interface)?. Please find my setup
> below.
> I need to encrypt only ICMP data traffic and I don't want to encrypt TCP
> traffic. Is there any configuration to specify the traffic type(protocol)
> in openswan?

leftprotoport=icmp   ( or use 1/0)

Same for ipv6-icmp (or use 58/0)


> Suppose I have given daddr, saddr and proto as selectors, whether all
> these three parameters are checked for an incoming traffic to match IPSec
> policy ?

Yes. However, with NETKEY you might need to add a specific passthrough
connection for tcp and udp.


More information about the Users mailing list