[strongSwan] need to allow ssl restriction

Andreas Steffen andreas.steffen at strongswan.org
Fri Mar 30 15:07:37 CEST 2012


Hi Sanjay,

you can define only a single port per passthrough connection, e.g.

conn p1
     also=pass
     leftprotoport=tcp/0
     rightprotoport=tcp/https
     auto=route

conn p2
     also=pass
     leftprotoport=tcp/0
     rightprotoport=tcp/imaps
     auto=route

....

conn pass
     type=pass
     authby=never
     leftsubnet=..
     rightsubnet=..

Regards

Andreas

On 03/30/2012 02:57 PM, Shukla, Sanjay wrote:
> Hi Andreas,
> 
> My requirement is to pass traffic on a certain port. How can I
> specify the port numbers in the connection configuration?
> 
> Regards, -sanjay
> 
> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]
> Sent: Monday, March 26, 2012 2:27 PM
> To: Shukla, Sanjay
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] need to allow ssl restriction
> 
> Hello Sanjay,
> 
> you can define a pass shunt policy for TCP port 443. Just have a look
> at our example scenario:
> 
> www.strongswan.org/uml/testresults/ikev2/shunt-policies/
> 
> Regards
> 
> Andreas
> 
> On 26.03.2012 20:12, Shukla, Sanjay wrote:
>> I am using 4.6.2 charon with IKEv2. What approaches are suggested
>> to allow TLS / 443 traffic restriction so that they are not subject
>> to IPsec?
>> 
>> 
>> 
>> Regards,
>> 
>> -sanjay
> 


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
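
Added example, not part of the original thread or of strongSwan: a small Python audit that parses an ipsec.conf, resolves also= inheritance, and lists the pass shunts that exempt traffic from IPsec, so a one-port-per-conn layout like the one above can be reviewed for unintended bypasses. The subnets and the net-net conn are constructed placeholders; the script assumes a section's own values override inherited ones and treats only auto=route shunts as active.

```python
# Constructed sample: the thread's layout, with placeholder subnets.
SAMPLE_CONF = """\
conn pass
    type=pass
    authby=never
    leftsubnet=10.1.0.0/16
    rightsubnet=10.2.0.0/16
conn p1
    also=pass
    leftprotoport=tcp/0
    rightprotoport=tcp/https
    auto=route
conn p2
    also=pass
    leftprotoport=tcp/0
    rightprotoport=tcp/imaps
    auto=route
conn net-net
    auto=start
"""

def parse_conns(text):
    """Return {name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if line and not line[0].isspace():     # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge also= inheritance; assumes a section's own values override."""
    if name in seen:
        raise ValueError("also= loop at conn " + name)
    own = dict(conns[name])
    parent = own.pop("also", None)
    merged = resolve(conns, parent, seen + (name,)) if parent else {}
    return {**merged, **own}

def bypass_policies(text):
    """(conn, local, remote) for every pass shunt with auto=route."""
    conns = parse_conns(text)
    full = {n: resolve(conns, n) for n in conns}
    return [(n, c.get("leftprotoport", "any"), c.get("rightprotoport", "any"))
            for n, c in full.items()
            if c.get("type") in ("pass", "passthrough") and c.get("auto") == "route"]
```

A row whose protoport columns read "any" is a shunt that bypasses IPsec for all traffic between the two subnets, which is the case to look for first.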
