Re: [strongSwan] routing all traffic through tunnel without local one

2010-03-11 Thread Daniel Mentz
Peter Winterer wrote: Hi Daniel, On 08.03.2010 10:02, Daniel Mentz wrote: Matthias Dahl wrote: To tunnel all internet traffic, you'll need a 0.0.0.0/0 rightsubnet. This however, includes your local network in the tunnel too. One could consider this a bug. Most people certainly never

Re: [strongSwan] routing all traffic through tunnel without local one

2010-03-11 Thread Matthias Dahl
Hi Daniel. On Monday 08 March 2010 10:02:48 Daniel Mentz wrote: One might also argue that the current behavior is more secure [...] Now, imagine that the hotel's LAN uses the same IP address space as some resource on the corporate network. The traffic would then be sent to the incorrect

Re: [strongSwan] routing all traffic through tunnel without local one

2010-03-11 Thread Matthias Dahl
Hi. On Monday 08 March 2010 09:54:42 Daniel Mentz wrote: [...] So in your case, it's all about the source address. Thanks for your great explanations. That cleared a lot of things up for me. Do you happen to know any good recent source where I could read up on how all the tables work

Re: [strongSwan] routing all traffic through tunnel without local one

2010-03-10 Thread Peter Winterer
Hi Daniel, On 08.03.2010 10:02, Daniel Mentz wrote: Matthias Dahl wrote: To tunnel all internet traffic, you'll need a 0.0.0.0/0 rightsubnet. This however, includes your local network in the tunnel too. One could consider this a bug. Most people certainly never will want their local

Re: [strongSwan] routing all traffic through tunnel without local one

2010-03-08 Thread Matthias Dahl
Hi... On Monday 08 March 2010 08:35:25 you wrote: To tunnel all internet traffic, you'll need a 0.0.0.0/0 rightsubnet. This however, includes your local network in the tunnel too. One could consider this a bug. Most people certainly never will want their local traffic routed outside of their

[strongSwan] routing all traffic through tunnel without local one

2010-03-07 Thread Matthias Dahl
Hello everyone. I have the following setup: I have a strongSwan server on a public IP which has no local subnet behind it. Now if I connect to it with strongSwan from my local machine which is on a local network behind a router, I can connect to it, ping it and use the services of my server

Re: [strongSwan] routing all traffic through tunnel without local one

2010-03-07 Thread Martin Willi
Hi, The problem: I want to route all my internet traffic through the server and the local traffic should stay on the local net. To tunnel all internet traffic, you'll need a 0.0.0.0/0 rightsubnet. This however, includes your local network in the tunnel too. To explicitly bypass the local