[strongSwan] Traffic selector narrowing using several protocols/ports
Horvath Bob-BHORVAT1
Bob.Horvath at motorolasolutions.com
Thu Jul 11 20:01:36 CEST 2013
I am trying to figure out if what I am trying to do is impossible, or I don't know how to configure it. For a remote access case, I would like to have the server set up child SAs only for specific protocols.
For example, say I want certain clients to only be able to access http and dns.
If I have two connection profiles, one with ....
conn http
    leftprotoport=tcp
    rightprotoport=tcp/http
    also=host-host
    auto=start
... and the other with ...
conn domain
    rightprotoport=%any/domain
    also=host-host
    auto=start

conn host-host
    #the usual stuff
... it sets up a traffic selector for http, but not domain. If I reverse them in the file, it picks domain and not http.
I can do an "ipsec up domain" to add it, but I need it to be automatic.
I started looking at the updown scripts, but I am hoping there is an easier way I am missing.
Bob