I'm using strongSwan on CentOS as an IPsec VPN server. Is it possible to tell the client (Win7) to route all traffic through the tunnel interface after the tunnel is up?
Here is my ipsec.conf:
config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no

conn rw-eap
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftsourceip=62.244.57.9
    leftid=@master.ln.ua
    leftcert=server.crt
    leftauth=pubkey
    leftfirewall=no
    right=%any
    rightauth=eap-mschapv2
    rightsourceip=62.244.57.9/29
    rightsendcert=never
    eap_identity=%any
    auto=add
Your config should achieve that (leftsubnet=0.0.0.0/0). But please have a look at the strongSwan wiki for details on forwarding and split-tunneling.
– ecdsa – 2014-10-27T11:00:31.673
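
To check which connections in an ipsec.conf offer the full-tunnel selector the comment points to, the sketch below resolves `leftsubnet` per `conn` (with `conn %default` merged in) and classifies each one. It is an added example, not part of the original thread or of strongSwan; the sample config and the `rw-split` conn are constructed, and it assumes plain CIDR values and no `also=` includes.

```python
import ipaddress

# Constructed sample mirroring the layout of the ipsec.conf in the question,
# plus a hypothetical split-tunnel conn ("rw-split") for contrast.
SAMPLE = """\
config setup
conn %default
    keyexchange=ikev2

conn rw-eap
    leftsubnet=0.0.0.0/0
    right=%any
    auto=add

conn rw-split
    leftsubnet=10.0.0.0/24,192.168.10.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with conn %default merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section headers start in column 1
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def tunnel_mode(opts):
    """'full' if leftsubnet offers 0.0.0.0/0, 'split' for narrower subnets, 'host' if unset."""
    subnets = [s.strip() for s in opts.get("leftsubnet", "").split(",") if s.strip()]
    if not subnets:
        return "host"   # strongSwan treats an omitted leftsubnet as the gateway address only
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    return "full" if any(n.prefixlen == 0 for n in nets) else "split"

def audit(text):
    return {name: tunnel_mode(opts) for name, opts in parse_conns(text).items()}

if __name__ == "__main__":
    for name, mode in audit(SAMPLE).items():
        print(f"{name}: {mode}-tunnel")
```
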