# How to add an exception in ipsec.conf



## andrian (Jun 2, 2016)

Hi friends. Please help me. How to add an exception network addresses in IPsec.conf?
I used security/ipsec-tools and very all good, but string in /etc/IPsec.conf for example:

```
spdadd 0.0.0.0/0 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 10.0.110.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
```
but should

```
spdadd 0.0.0.0/0 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
spdadd 10.0.110.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
... not 192.168.0.0/24 10.0.110.0/24 any -P out ipsec esp/tunnel/1.1.1.1-2.2.2.2/require;
... not 10.0.110.0/24 192.168.0.0/24 any -P in ipsec esp/tunnel/2.2.2.2-1.1.1.1/require;
```


----------

