Hi, I can't tell what exactly you want. You can tell if traffic was protected with ipsec by using the iptables policy match module. You can use a VTI[1], too.
Kind regards Noel [1] https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN On 28.11.2017 20:37, Loc Nguyen wrote: > > Hi, > > > > I create an IPsec network 10.11.0.0/16 and using dnsmasq to assign IP > addresses. > > > > I able to route all 10.11.0.0/16 network traffic to an interface. I would > like also route local network 10.11.0.0/16 between client to client to that > interface too. > > > > I can use iptables FORWARD to block client to client. Instead of blocking I > want the traffic to the interface. > > > > Thanks, >
signature.asc
Description: OpenPGP digital signature