[strongSwan] how to use dynamically assigned port numbers in /etc/ipsec.conf
lux-integ
lux-integ at btconnect.com
Wed Mar 6 18:06:11 CET 2013
Greetings,
A while ago I stretched the protoport-dual
( http://www2.strongswan.org/uml/testresults5/pfkey/protoport-dual/index.html )
setup to do NFS. Normally for NFS the statd port is assigned dynamically by
the Linux kernel. For a fixed port number (say, take 6000 in /etc/services,
for example) for statd this seems to work
(snippet in /etc/ipsec.conf gateway=moon)
#---------------------------------
conn rw-statd_tcp
        leftprotoport=udp/6000
        rightprotoport=udp/6000
conn rw-statd_udp
        leftprotoport=udp/6000
        rightprotoport=udp/6000
#---------------------------------
However, I want a setup where the port numbers are not assigned statically in
/etc/services and
I fetch them by executing some script such as:-
Statd_portNo=/bin/sh -c "someScript".
So in a nutshell I want to know if I can (in /etc/ipsec.conf) do this:-
(snippet in /etc/ipsec.conf gateway=moon)
#---------------------------------
config setup
        Statd_portNo='/bin/sh -c "someScript"'
conn rw-statd_tcp
        leftprotoport=tcp/${Statd_portNo}
        rightprotoport=tcp/${Statd_portNo}
conn rw-statd_udp
        leftprotoport=udp/${Statd_portNo}
        rightprotoport=udp/${Statd_portNo}
#---------------------------------
---if I can't, where in /etc/ipsec.conf would I put this?:-
Statd_portNo=/bin/sh -c "someScript"
---if I can't use any script what can I do to use dynamically-assigned
port numbers?
thanks in advance
sincerely
luxInteg
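
One way to get the dynamically assigned statd port into the conn sections without relying on any substitution inside ipsec.conf, as an added example that is not part of the original post: a script renders the sections from `rpcinfo -p` output and refuses anything that is not a port number. The sample rpcinfo text is constructed, and the function names, the generated file name and the `include` line are assumptions.

```shell
#!/bin/sh
# Added example: render the rw-statd conn sections for whatever port statd
# currently holds, instead of hard-coding 6000.

# Constructed sample of `rpcinfo -p` output (program vers proto port service).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  47632  status
    100024    1   tcp  39841  status
    100003    3   tcp   2049  nfs'

# statd_port PROTO: read rpcinfo -p text on stdin, print the port registered
# for the "status" service (RPC program 100024) on that protocol.
statd_port() {
    awk -v proto="$1" '$1 == "100024" && $3 == proto { print $4; exit }'
}

# valid_port N: succeed only for a decimal integer in 1..65535, so nothing
# but a port number can ever be written into the generated config.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# render_conns RPCINFO_TEXT: print one conn section per protocol.
render_conns() {
    for proto in tcp udp; do
        port=$(printf '%s\n' "$1" | statd_port "$proto")
        valid_port "$port" || { echo "no valid statd $proto port" >&2; return 1; }
        printf 'conn rw-statd_%s\n' "$proto"
        printf '\tleftprotoport=%s/%s\n' "$proto" "$port"
        printf '\trightprotoport=%s/%s\n' "$proto" "$port"
    done
}

# Live use (assumed paths): render_conns "$(rpcinfo -p)" > /etc/ipsec.statd.conf
# with "include /etc/ipsec.statd.conf" in /etc/ipsec.conf, then "ipsec update".
render_conns "$SAMPLE_RPCINFO"
```

The generated sections carry only the protoport lines, as in the snippet above; the remaining connection parameters are expected to come from the rest of ipsec.conf.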