[strongSwan] Traffic selector narrowing using several protocols/ports

Horvath Bob-BHORVAT1 Bob.Horvath at motorolasolutions.com
Thu Jul 11 20:01:36 CEST 2013

I am  trying to figure out if what I am trying to do is impossible, or I don't know how to configure it.  For a remote access case,  I would like to have the server set up child SAs only for specific protocols.

For examples, say I want certain clients to only be able to access http and dns.

If I have two connection profiles, one with ....

conn http

... and the other with ...

conn domain

conn host-host
    #the usual stuff

... it sets up a traffic selector for http, but not domain.  If I reverse them in the file, it picks domain and not http.

I can do a "ipsec up domain" to add it, but I need it to be automatic.

I started looking at the updown scripts, but I am hoping there is an easier way I am missing.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130711/9c204ddd/attachment.html>

More information about the Users mailing list