[Openswan Users] Openswan has "interesting traffic" like Cisco ACL?
bchoi9999 at gmail.com
Sat Jul 21 19:10:09 EDT 2012
Thanks! I think I'm asking this because I have a GRE tunnel on Linux, and
Openswan encrypts all traffic in this GRE tunnel.
I think that in Cisco, the ACL is part of the crypto map to give people the
option not to encrypt all traffic through the GRE tunnel, just the traffic
Maybe I have a fundamentals misunderstanding, but can't you do the same on
Linux? Encrypt traffic through a tunnel, like a GRE one, selectively?
BTW, I'm running Scientific Linux 6.
Thanks to everyone who is answering!
On Sat, Jul 21, 2012 at 6:47 PM, SilverTip257 <silvertip257 at gmail.com>wrote:
> I don't know if this is what you want or need to do, but I'll throw
> the idea out here.
> You could use iptables on your Linux host to DNAT  certain traffic
> and sending it across your IPSec tunnel.
> -j DNAT --to-destination X.X.X.X:Y
> ** I can't vouch that this will work properly as I've not tried it.
> If you decide to give it a shot I'd appreciate hearing if it works.
>  http://linux-ip.net/html/nat-dnat.html
> // SilverTip257 //
> On Sat, Jul 21, 2012 at 11:40 AM, Brendan Choi <bchoi9999 at gmail.com>
> > What is the Openswan equivalent to Cisco IOS's "interesting traffic"?
> > I have Linux Openswan working with a Cisco router. I would like to give
> > Openswan the precise IP and TCP traffic I want encrypted, just like with
> > Cisco ACL.
> > Seems the closest thing is "leftsubnets" and "rightsubnets". I'm new to
> > Openswan, so please enlighten me. Thanks!
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users