Issue #635
Updated by Tobias Brunner about 11 years ago
Here is the issue, I want use iOS as client and let some specific ip not go through vpn tunnel.
After read the doc on the wiki, http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
I know on iOS we only can use attr.(iOS raccoon do not support ikev2)
So I changed strongswan.conf like this:
<pre>
cisco_unity = yes
plugins {
attr {
split-include = 0.0.0.0/0
split-exclude = 17.0.0.0/8, 183.57.84.84/24
}
}
</pre>
but the connection can not make since I use 0.0.0.0, if leave it blank or delete split-include, the access to ip in split-exclude will be blocked instead of go through LAN.
It's weird and I dig two days in google but find no answer.
After read the doc on the wiki, http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
I know on iOS we only can use attr.(iOS raccoon do not support ikev2)
So I changed strongswan.conf like this:
<pre>
cisco_unity = yes
plugins {
attr {
split-include = 0.0.0.0/0
split-exclude = 17.0.0.0/8, 183.57.84.84/24
}
}
</pre>
but the connection can not make since I use 0.0.0.0, if leave it blank or delete split-include, the access to ip in split-exclude will be blocked instead of go through LAN.
It's weird and I dig two days in google but find no answer.