[Openswan Users] IPv4/IPv6 tunneling based on traffic selection
Paul Wouters
paul at xelerance.com
Mon Sep 26 13:34:13 EDT 2011
On Mon, 26 Sep 2011, SaRaVanAn wrote:
> Hi Paul,
> I need a clarification on "What configuration I need to do in order to
> specify certain traffic has to go through tunnel and remaining traffic
> has to go unencrypted (through normal interface)?" Please find my setup
> below.
>
> I need to encrypt only ICMP data traffic and I don't want to encrypt TCP
> traffic. Is there any configuration to specify the traffic type (protocol)
> in openswan?
leftprotoport=icmp (or use 1/0)
rightprotoport=icmp
Same for ipv6-icmp (or use 58/0)
> Suppose I have given daddr, saddr and proto as selectors, whether all
> these three parameters are checked for an incoming traffic to match IPSec
> policy?
Yes. However, with NETKEY you might need to add a specific passthrough
connection for tcp and udp.
Paul
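
The selectors and the passthrough connections mentioned in the reply above, put together as an ipsec.conf fragment. This is an added example, not part of the original message: the host-to-host layout, the addresses (RFC 5737 documentation range), the conn names and authby=secret are all assumptions.

```conf
# Added example (not from the original post). Assumed: two hosts talking
# directly to each other, a pre-shared key in ipsec.secrets, and
# placeholder addresses from the 192.0.2.0/24 documentation range.

# ICMP between the two hosts is protected by IPsec.
# The protocol selector must be set on both ends of the connection.
conn icmp-only
    left=192.0.2.1
    right=192.0.2.2
    authby=secret
    leftprotoport=icmp
    rightprotoport=icmp
    auto=start

# Explicit cleartext policies for TCP and UDP between the same hosts,
# for the NETKEY case the reply describes. type=passthrough installs a
# policy without negotiating an SA; auto=route loads it at startup.
conn tcp-clear
    type=passthrough
    authby=never
    left=192.0.2.1
    right=192.0.2.2
    leftprotoport=tcp
    rightprotoport=tcp
    auto=route

conn udp-clear
    type=passthrough
    authby=never
    left=192.0.2.1
    right=192.0.2.2
    leftprotoport=udp
    rightprotoport=udp
    auto=route
```

With NETKEY, the policies that were actually installed, including the protocol selector, can be checked with `ip xfrm policy` on each host.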