List: openswan-users
Subject: Re: [Openswan Users] Split-tunneling capability
From: Ken Bantoft <ken () xelerance ! com>
Date: 2004-06-30 0:13:03
Message-ID: Pine.LNX.4.44.0406300209400.1004-100000 () tla ! xelerance ! com
On Mon, 28 Jun 2004, Dan Strohschein wrote:
> Hi guys - first off, AWESOME software. Thank you for your efforts!
> Secondly, I have a strange question.
>
> Say I have a Site To Site VPN connection. What I want to know is: IF
> OpenSwanServer1 receives a packet destined for 10.0.0.1 port 34 it
> passes the packet along the VPN tunnel. ANY other packets destined for
> anywhere else go through the normal internet connection.
>
> Can OpenSwan do this? (I believe it's called "Split-Tunneling")

Yes, you can do per port+protocol combination tunnels.

conn blah
	left=192.168.0.1
	leftid=@left.side.server.com
	leftrsasigkey=...
	right=10.0.0.1
	rightprotoport=6/34
	rightid=@right.side.server.com
	rightrsasigkey=...
	authby=rsasig
	auto=start

Protocol/Ports are done by their IANA assigned numbers:

6 = TCP
17 = UDP
50 = ESP
etc...

so 6/34 is Protocol 6 (TCP), port 34.

--
Ken Bantoft VP Business Development
ken@xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
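
Added example (not part of the reply above and not Openswan code): a small Python model of how the rightprotoport selector in that conn splits traffic, so you can check which packets would enter the tunnel and which would leave by the normal route. The function names and the sample text are constructed for illustration; it assumes numeric protocols or the three names listed in the mail, and treats a missing, 0 or %any port as "all ports".

```python
import ipaddress

# Constructed sample: the conn from the reply, without the elided id/key lines.
SAMPLE_CONF = """\
conn blah
    left=192.168.0.1
    right=10.0.0.1
    rightprotoport=6/34
"""
IANA_PROTO = {"tcp": 6, "udp": 17, "esp": 50}  # only the numbers listed in the mail

def parse_conn(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def parse_protoport(value):
    """'6/34' -> (6, 34); '17/%any' or bare '17' -> (17, None), meaning all ports."""
    proto, _, port = value.partition("/")
    proto_num = int(proto) if proto.isdigit() else IANA_PROTO.get(proto.lower())
    if proto_num is None or not 0 <= proto_num <= 255:
        raise ValueError(f"unknown protocol in protoport: {value!r}")
    if port in ("", "0", "%any"):
        return proto_num, None
    if not port.isdigit() or not 0 < int(port) <= 65535:
        raise ValueError(f"bad port in protoport: {value!r}")
    return proto_num, int(port)

def goes_in_tunnel(conn, dst_ip, proto, dst_port):
    """True if a packet to dst_ip/proto/dst_port matches the right-side selector."""
    target = ipaddress.ip_network(conn.get("rightsubnet", conn["right"] + "/32"))
    if ipaddress.ip_address(dst_ip) not in target:
        return False  # other destinations use the normal route
    if "rightprotoport" not in conn:
        return True  # no port selector: everything to the target is tunneled
    sel_proto, sel_port = parse_protoport(conn["rightprotoport"])
    return proto == sel_proto and sel_port in (None, dst_port)
```

With the sample conn, only TCP port 34 to 10.0.0.1 matches; TCP port 80 or UDP port 34 to the same host, and any traffic to other hosts, does not.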