From 2ce6c3718ebf51b9b7ee31722483247586308e6b Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 12 Apr 2018 15:28:10 +0200
Subject: [PATCH] WIP: Allows traffic diversion

While this change allows clients behind a NAT to connect to a VPN gateway
without having to assign virtual IPs, it also allows clients to divert
traffic to basically any IP away from the gateway (they can also create
multiple CHILD_SAs with different IPs).

For such setups it might be better (i.e. there is a bit more control over
it) to set the remote TS to e.g. 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
to allow clients from private subnets to connect if they are behind a NAT.
But generally assigning virtual IPs works way better, in particular, if
there are clients behind different NATs that use the same subnet/IP.
--
2.47.2