[strongSwan] some conceptual ipsec/iptables/policy questions
Christoph Anton Mitterer
calestyo at scientia.net
Mon Oct 4 22:49:16 CEST 2010
Hey...
On Mon, 2010-10-04 at 19:17 +0200, Andreas Steffen wrote:
> > (And sorry for bugging you over and over again ;) )
> yeah, if the doctor is in, it will cost 50 cents ;-)
That's great... I mean,.. you're from Switzerland IIRC,... so you
probably know that in Germany visiting the doctor costs you at least 10€
But seriously,... I'd have no problems in donating some bugs to
strongswan development! :)
> >> src ::/0 dst ::/0
> >> dir 3 priority 0 ptype main
> >> src ::/0 dst ::/0
> >> dir 4 priority 0 ptype main
> >> src ::/0 dst ::/0
> >> dir 3 priority 0 ptype main
> >> src ::/0 dst ::/0
> >> dir 4 priority 0 ptype main
> >> src ::/0 dst ::/0
> >> dir 3 priority 0 ptype main
> >> src ::/0 dst ::/0
> >> dir 4 priority 0 ptype main
> >> src 0.0.0.0/0 dst 0.0.0.0/0
> >> dir 3 priority 0 ptype main
> >> src 0.0.0.0/0 dst 0.0.0.0/0
> >> dir 4 priority 0 ptype main
> >> src 0.0.0.0/0 dst 0.0.0.0/0
> >> dir 3 priority 0 ptype main
> >> src 0.0.0.0/0 dst 0.0.0.0/0
> >> dir 4 priority 0 ptype main
> >> src 0.0.0.0/0 dst 0.0.0.0/0
> >> dir 3 priority 0 ptype main
> >> src 0.0.0.0/0 dst 0.0.0.0/0
> >> dir 4 priority 0 ptype main
> > => What are these (dir 3 and 4) and why does each rule appear twice?
> >
> These are policies that exempt the IKE protocol (ports 500 and 4500)
> from tunneling.
But this just excepts udp 500/4500 or what?
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101004/e33a86fb/attachment.bin>
More information about the Users
mailing list