Hello, I am a newbie to ipsec. I was able to set up a working VPN but struggled with the split setup.

My setup is a normal home setup:

- DSL connection from my home network (192.168.178.0/24)
- DSL router (192.168.178.1) (ESP and the needed UDP ports are forwarded to the Raspberry)
- Raspberry (192.168.178.xx) with running ipsec
- my mobile devices get an address in the range 192.168.179.1-192.168.179.50

I can connect and use the VPN from my laptop connected to a mobile network. But all traffic is then routed over my home network (which is working, but I only want to have the traffic for 192.168.178.0/24 routed over the VPN). I think I have to use several connections in ipsec.conf with the passthrough policy, but I tried a lot of variants and googled much more and was not able to get it running. Can somebody here help me or give me a hint?

Here is my actual ipsec.conf:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@my.external.address
    leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightdns=192.168.178.1
    rightsourceip=192.168.179.1-192.168.179.50
    rightsendcert=never
    eap_identity=%identity

Many thanks and Kind Regards,
Marco