Project

General

Profile

Actions
Copy link

Feature #4988

closed

Advanced access to IPSec "LAN Override" feature (beyond a single checkmark)

Added by Braden McGrath over 8 years ago. Updated almost 8 years ago.

Status:
Rejected
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
08/20/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

StrongSwan has the ability to carve out specified subnets that would normally otherwise be routed into an IPSec tunnel. This is handy if you're connecting to a /16 or something larger, but need to keep one or two /24s (or smaller!) local to the network, or if your LAN falls within the larger subnet that StrongSwan is connecting to.

pfSense as of 2.2.4 is exposing this via a checkmark in IPSec config that only overrides the LAN subnet. It would be nice to have the ability to manually override other subnets as well - e.g. it is very common for cable modem admin pages to live at 192.168.100.1, so the ability to exclude that address from a tunnel that would otherwise cover it would be handy.

The functionality is already there inside Strongswan, a GUI and the appropriate config output are all that's needed.

Actions
Copy link
 #1

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Rejected

Duplicate of #3329

Actions
Copy link
 #2

Updated by Chris Buechler almost 8 years ago

  • Target version deleted (Future)
Actions
Copy link

Also available in: Atom PDF