Feature #4988
closed
Advanced access to IPSec "LAN Override" feature (beyond a single checkmark)
Description
StrongSwan has the ability to carve out specified subnets that would normally otherwise be routed into an IPSec tunnel. This is handy if you're connecting to a /16 or something larger, but need to keep one or two /24s (or smaller!) local to the network, or if your LAN falls within the larger subnet that StrongSwan is connecting to.
pfSense as of 2.2.4 is exposing this via a checkmark in IPSec config that only overrides the LAN subnet. It would be nice to have the ability to manually override other subnets as well - e.g. it is very common for cable modem admin pages to live at 192.168.100.1, so the ability to exclude that address from a tunnel that would otherwise cover it would be handy.
The functionality is already there inside StrongSwan; a GUI and the appropriate config output are all that's needed.
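
A sketch of the strongSwan `ipsec.conf` output this request describes, added here as an illustration and not taken from pfSense's generated configuration. The connection names, the LAN subnet 192.168.1.0/24, the remote 192.168.0.0/16 and the peer address 203.0.113.10 are constructed assumptions; only the 192.168.100.1 modem address comes from the ticket.

```conf
# Constructed example: tunnel whose remote selector covers all of 192.168.0.0/16,
# which includes both the local LAN and the cable modem admin page.
conn site-to-hq
	left = %defaultroute
	leftsubnet = 192.168.1.0/24      # assumed local LAN
	right = 203.0.113.10             # placeholder peer (documentation range)
	rightsubnet = 192.168.0.0/16     # assumed remote network
	keyexchange = ikev2
	authby = secret
	auto = route

# Equivalent of the existing "LAN override" checkmark: LAN-to-LAN traffic
# is matched by a passthrough (shunt) policy and never enters the tunnel.
conn bypasslan
	leftsubnet = 192.168.1.0/24
	rightsubnet = 192.168.1.0/24
	authby = never
	type = passthrough
	auto = route

# The additional carve-out requested in the ticket: traffic from the LAN to
# the modem at 192.168.100.1 stays local. Anything matching a passthrough
# policy leaves unencrypted, so the selector is kept to a single /32.
conn bypass-modem
	leftsubnet = 192.168.1.0/24
	rightsubnet = 192.168.100.1/32
	authby = never
	type = passthrough
	auto = route
```

After reloading, `ipsec statusall` should list both bypass entries as shunted connections; auditing that list is the quickest way to confirm that no exclusion is wider than intended.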