[strongSwan] Traffic selector narrowing using several protocols/ports
Bob.Horvath at motorolasolutions.com
Thu Jul 11 20:01:36 CEST 2013
I am trying to figure out if what I am trying to do is impossible, or I don't know how to configure it. For a remote access case, I would like to have the server set up child SAs only for specific protocols.
For examples, say I want certain clients to only be able to access http and dns.
If I have two connection profiles, one with ....
... and the other with ...
#the usual stuff
... it sets up a traffic selector for http, but not domain. If I reverse them in the file, it picks domain and not http.
I can do a "ipsec up domain" to add it, but I need it to be automatic.
I started looking at the updown scripts, but I am hoping there is an easier way I am missing.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users