[Openswan Users] IPv4/IPv6 tunneling based on traffic selection

SaRaVanAn saravanan.nagarajan87 at gmail.com
Thu Sep 29 07:37:15 EDT 2011


Hi Paul,
   In your previous mail, you mentioned to add a "specific passthrough
connection for tcp and udp". I am not clear about this point.
It's like we need a policy rule with action as pass through for tcp and udp
traffic to go unencrypted in NETKEY.
Please correct me if I am wrong.


On Mon, Sep 26, 2011 at 11:04 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Mon, 26 Sep 2011, SaRaVanAn wrote:
>
>> Hi Paul,
>>   I need a clarification on what configuration I need to do in order to
>> specify that certain traffic has to go through the tunnel and the remaining
>> traffic has to go unencrypted (through the normal interface). Please find
>> my setup below.
>>
>> I need to encrypt only ICMP data traffic and I don't want to encrypt TCP
>> traffic. Is there any configuration to specify the traffic type (protocol)
>> in openswan?
>>
>
> leftprotoport=icmp   ( or use 1/0)
> rightprotoport=icmp
>
> Same for ipv6-icmp (or use 58/0)
>
> dd.
>
>
>> Suppose I have given daddr, saddr and proto as selectors, are all
>> three of these parameters checked for incoming traffic to match the IPSec
>> policy?
>>
>
> Yes. However, with NETKEY you might need to add a specific passthrough
> connection for tcp and udp.
>
> Paul
>
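
An illustration of the setup discussed in this thread, added here and not part of the original messages: an ipsec.conf fragment with an ICMP-only tunnel plus explicit passthrough connections for TCP and UDP. The connection names, the 192.0.2.x documentation addresses and authby=secret are assumptions.

```conf
# Added example for /etc/ipsec.conf (not from the thread).
# Addresses are placeholders from the documentation range.

# Encrypt only ICMP between the two hosts.
conn icmp-only
    left=192.0.2.1
    right=192.0.2.2
    leftprotoport=icmp          # or 1/0
    rightprotoport=icmp
    authby=secret               # assumed; use the authentication you already run
    auto=start

# Explicit bypass policies so TCP and UDP between the same
# hosts leave in the clear instead of matching an IPsec policy.
conn pass-tcp
    left=192.0.2.1
    right=192.0.2.2
    leftprotoport=tcp
    rightprotoport=tcp
    type=passthrough            # no IPsec processing for matching packets
    authby=never                # no IKE negotiation for this connection
    auto=route                  # install the policy at startup

conn pass-udp
    left=192.0.2.1
    right=192.0.2.2
    leftprotoport=udp
    rightprotoport=udp
    type=passthrough
    authby=never
    auto=route
```

With NETKEY, `ip xfrm policy` lists the installed policies, so the selectors (saddr, daddr, proto) of the tunnel and the passthrough entries can be checked there after the connections are loaded.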