bypass-lan plugin for
libcharon automatically installs and updates
passthrough/bypass policies for locally attached subnets. This is useful for
mobile hosts that are used in different networks that want to access local
devices in these networks (e.g. printers or NAS) while connected to a VPN that
would otherwise cover that traffic too (e.g. if the remote traffic selector is
The plugin is disabled by default and can be enabled with the
When the plugin is initialized it enumerates all enabled interfaces (see below) and installs passthrough/bypass policies for the subnets that are attached directly to these interfaces. Whenever interfaces/addresses/routes are changed the local subnets are again enumerated and, if necessary, policies are added and/or removed.
|The plugin’s default behavior is incompatible with route-based VPNs, so you might have to disable it or configure interfaces (see below).
A comma-separated list of network interfaces for which connected subnets
should be ignored. If
A comma-separated list of network interfaces for which connected subnets should be considered. All other interfaces are ignored