In my company we have a strongSwan VPN that we use to be able to access a git server. The problem is that we are facing MTU issues, so for example when we do something like pip install -r requirements.txt, the packages that are located outside of our git server cannot be reached. Is there a way to route through strongSwan only the traffic to the git server IP with client-side config only? Currently we are using NetworkManager to connect to the VPN, which always uses 0.0.0.0/0 for the remote network.
1 Answer
While the client always proposes 0.0.0.0/0 as remote traffic selector, the server is free to narrow this to a smaller subnet (or multiple subnets/IPs). So if you change the server's configuration (its local traffic selector) to the IPs you want, the client will only tunnel traffic to them and the rest will bypass the VPN.
You could also look into fixing the MTU/MSS issue (e.g. via TCPMSS target for iptables).

ecdsa
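A sketch of the server-side narrowing described in the answer above, as an added example that is not part of the original answer. It assumes the server is configured through swanctl.conf; the connection name `rw`, the child name `git-only` and the address 192.0.2.10 (a documentation-range placeholder for the git server) are made up for illustration.

```conf
# /etc/swanctl/swanctl.conf on the VPN server (assumed layout, hypothetical names)
connections {
    rw {
        # existing version, local, remote and pools settings stay unchanged

        children {
            git-only {
                # Before: the server accepted the client's full proposal,
                # so every destination was tunnelled.
                # local_ts = 0.0.0.0/0

                # After: the server narrows the client's proposed 0.0.0.0/0
                # to the git server only. The client installs policies for
                # this single host; all other traffic bypasses the VPN.
                # 192.0.2.10 is a placeholder, not a value from the question.
                local_ts = 192.0.2.10/32
            }
        }
    }
}
```

On a server that still uses the legacy ipsec.conf format, the corresponding setting is `leftsubnet` in the conn section. After the change, the negotiated traffic selectors shown for the connection on the server should list only the narrowed address.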