I am using an IPsec-based VPN configuration profile to connect a number of devices on my network to a remote strongSwan-based VPN server using certificate-based authentication and connect on demand. Everything works well. However, my LAN resources are not accessible when devices are connected to the VPN.

I was wondering whether there is a way to bypass local network IPs from being routed over the VPN tunnel when connected to the VPN. So far I have evaluated OnDemandRules, but it looks like they are for triggering the VPN connection only. Once a device is connected to the VPN, they cannot be used to keep local IP addresses from being routed over the VPN tunnel.

Any help is highly appreciated.

muzammil
  • This might help [Allow Strongswan roadwarrior to access local LAN](https://serverfault.com/questions/709979/allow-strongswan-roadwarrior-to-access-local-lan) – Jofre Mar 01 '16 at 10:27
  • Thanks. It works the way it is mentioned in the link. However, in my setup, the client device is also using a manual proxy with the strongSwan VPN. Sorry, I forgot to mention it. So the configuration mentioned in the link does not work for my setup, as the left subnet for both internet and local traffic will always be the proxy's address. An alternative would be to use a PAC file, but for iOS devices the PAC file is not 100% guaranteed to be downloaded after the VPN connects. I would prefer it if any other strongSwan configuration could be employed to achieve this. – muzammil Mar 01 '16 at 15:22

0 Answers