How to add an exception in ipsec.conf

andrian

Hi friends. Please help me. How do I add exception network addresses in ipsec.conf?
I used security/ipsec-tools and all is very good, but the strings in /etc/ipsec.conf are, for example:
Code:
spdadd 0.0.0.0/0 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 10.0.110.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
but it should be:
Code:
spdadd 0.0.0.0/0 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 10.0.110.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
... not 192.168.0.0/24 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
... not 10.0.110.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
 