[strongSwan] Problem observed during traffic selector narrowing
Patil, Shashidhar 1. (NSN - IN/Bangalore)
shashidhar.1.patil at nsn.com
Wed Jun 12 15:20:58 CEST 2013
Hi Martin,
Thanks for the response.
But we have already tried this (%any or omitting the parameter itself) but the result is the same.
Following is curious observation from our side:
If all the three parameters of traffic selectors "IP address range", "protocol range" and "port range" are bigger then tunnel gets established.
The problem arises in the following situations:
s-gw-1 has higher IP address range but its protocol range is smaller and vice versa
BR,
Shashidhar
-----Original Message-----
From: ext Martin Willi [mailto:martin at strongswan.org]
Sent: Tuesday, June 11, 2013 3:40 PM
To: Patil, Shashidhar 1. (NSN - IN/Bangalore)
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Problem observed during traffic selector narrowing
Hi,
> rightprotoport=any
> leftprotoport=any
That's not a valid configuration, and fails here with:
> # bad protocol: leftprotoport=any
> # bad protocol: rightprotoport=any
If you want to have any protocol/port combination in the traffic
selectors, use "%any", or omit the keyword completely. man ipsec.conf
for details.
Regards
Martin
More information about the Users
mailing list