<div dir="ltr">I am trying to figure out how to express port ranges in the left/right subnet configuration in the ipsec.conf file.<div><br></div><div>I found a feature request here:</div><div><a href="https://wiki.strongswan.org/issues/278">https://wiki.strongswan.org/issues/278</a><br>
</div><div><br></div><div>The resolution says:</div>"Starting with 5.1.0, port ranges can be configured for left/rightsubnet selectors, refer to ipsec.conf(5) for details."<div></div><div><br></div><div>However there is no example of port ranges in the online docs. Is there an example of a port range configuration that can be shared?</div>
<div><br></div><div>Also there is an additional comment:</div>"However, none of our kernel backends support such ranges. As it is unlikely that such an extension will be accepted by the Linux networking folks, we can't do much about it."<div>
<br></div><div>What exactly does that mean? If you configure ranges SS will: </div><div>1) do nothing - SS silently ignores them.</div><div>2) configure the range as individual ports (100-200) will be result in 200 connections being configured.</div>
<div>3) Try to send it to the kernel and hopelessly fail</div><div>4) throw an error and move on</div><div><br></div><div>What options do I have if I need to configure a range of ports? </div><div><br></div><div>Regards, </div>
<div>Dan</div><div><br></div></div>