[Openswan Users] Openswan has "interesting traffic" like Cisco ACL?

Brendan Choi bchoi9999 at gmail.com
Sat Jul 21 19:10:09 EDT 2012


Thanks! I think I'm asking this because I have a GRE tunnel on Linux, and
Openswan encrypts all traffic in this GRE tunnel.

I think that in Cisco, the ACL is part of the crypto map to give people the
option not to encrypt all traffic through the GRE tunnel, just the traffic
you want.

Maybe I have a fundamental misunderstanding, but can't you do the same on
Linux? Encrypt traffic through a tunnel, like a GRE one, selectively?

BTW, I'm running Scientific Linux 6.

Thanks to everyone who is answering!

Brendan

On Sat, Jul 21, 2012 at 6:47 PM, SilverTip257 <silvertip257 at gmail.com> wrote:

> I don't know if this is what you want or need to do, but I'll throw
> the idea out here.
>
> You could use iptables on your Linux host to DNAT [0] certain traffic
> and send it across your IPSec tunnel.
> -j DNAT --to-destination X.X.X.X:Y
>
> ** I can't vouch that this will work properly as I've not tried it.
> If you decide to give it a shot I'd appreciate hearing if it works.
>
> [0] http://linux-ip.net/html/nat-dnat.html
>
> ---~~.~~---
> Mike
> //  SilverTip257  //
>
>
> On Sat, Jul 21, 2012 at 11:40 AM, Brendan Choi <bchoi9999 at gmail.com>
> wrote:
> > What is the Openswan equivalent to Cisco IOS's "interesting traffic"?
> >
> > I have Linux Openswan working with a Cisco router. I would like to give
> > Openswan the precise IP and TCP traffic I want encrypted, just like with
> > a Cisco ACL.
> >
> > Seems the closest thing is "leftsubnets" and "rightsubnets". I'm new to
> > Openswan, so please enlighten me. Thanks!