
List:       openswan-users
Subject:    Re: [Openswan Users] Split-tunneling capability
From:       Ken Bantoft <ken () xelerance ! com>
Date:       2004-06-30 0:13:03
Message-ID: Pine.LNX.4.44.0406300209400.1004-100000 () tla ! xelerance ! com


On Mon, 28 Jun 2004, Dan Strohschein wrote:

> Hi guys - first off, AWESOME software. Thank you for your efforts!
> Secondly, I have a strange question.
> 
> Say I have a Site To Site VPN connection. What I want to know is: IF
> OpenSwanServer1 receives a packet destined for 10.0.0.1 port 34 it
> passes the packet along the VPN tunnel. ANY other packets destined for
> anywhere else go through the normal internet connection.
> 
> Can OpenSwan do this? (I believe it's called "Split-Tunneling")

Yes, you can do per port+protocol combination tunnels.

conn blah
	left=192.168.0.1
	leftid=@left.side.server.com
	leftrsasigkey=...
	right=10.0.0.1
	rightprotoport=6/34
	rightid=@right.side.server.com
	rightrsasigkey=...
	authby=rsasig
	auto=start

Protocol/Ports are done by their IANA assigned numbers:

6 = TCP
17= UDP
50= ESP
etc...

so 6/34 is Protocol 6 (TCP), port 34.



-- 
Ken Bantoft			VP Business Development
ken@xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson
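
Added example (not part of the message above and not Openswan code): a small Python check of which outbound flows match a rightprotoport selector like the one in the reply, so you can see what stays outside the tunnel. It assumes the numeric proto/port form plus %any, that a missing rightprotoport means no port restriction, and that the sample conn text and the function names are constructed for illustration.

```python
import ipaddress

# Protocol numbers listed in the message; other names are not resolved here.
PROTO_NAMES = {"tcp": 6, "udp": 17, "esp": 50}

# Constructed sample: the conn section from the message, key material omitted.
SAMPLE_CONF = """conn blah
\tleft=192.168.0.1
\tright=10.0.0.1
\trightprotoport=6/34
\tauthby=rsasig
\tauto=start
"""

def parse_protoport(value):
    """Parse 'proto/port' ('6/34', 'tcp/34', '17/%any') into (proto, port or None)."""
    proto_s, _, port_s = value.strip().partition("/")
    proto = PROTO_NAMES.get(proto_s.lower())
    if proto is None:
        proto = int(proto_s)              # ValueError on anything non-numeric
    if not 0 <= proto <= 255:
        raise ValueError("protocol number out of range: %r" % value)
    if port_s in ("", "%any", "0"):
        return proto, None                # None means any port of that protocol
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % value)
    return proto, port

def parse_conn(text):
    """Collect the key=value lines of one conn section into a dict."""
    conn = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, _, val = line.partition("=")
            conn[key.strip()] = val.strip()
    return conn

def is_tunneled(conn, dst_ip, proto, dst_port):
    """True if a flow from the left side to dst matches the right-side selector."""
    if ipaddress.ip_address(dst_ip) != ipaddress.ip_address(conn["right"]):
        return False                      # other hosts use the normal route
    if "rightprotoport" not in conn:
        return True                       # assumed: no selector, all traffic to right
    sel_proto, sel_port = parse_protoport(conn["rightprotoport"])
    return proto == sel_proto and sel_port in (None, dst_port)
```

With the sample conn, TCP to 10.0.0.1 port 34 matches, while TCP port 22 or UDP port 34 to the same host do not and therefore leave unencrypted by this connection.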
