[strongSwan] how to use dynamically assigned port numbers in /etc/ipsec.conf

lux-integ lux-integ at btconnect.com
Wed Mar 6 18:06:11 CET 2013


Greetings,

A while ago I stretched the protoport-dual
(http://www2.strongswan.org/uml/testresults5/pfkey/protoport-dual/index.html)
setup to do NFS. Normally for NFS the statd port is assigned dynamically by
the Linux kernel. For a fixed port number (say, 6000 in /etc/services,
for example) for statd, this seems to work:

(snippet in /etc/ipsec.conf gateway=moon)
#---------------------------------
conn rw-statd_tcp
	leftprotoport=tcp/6000
	rightprotoport=tcp/6000


conn rw-statd_udp
	leftprotoport=udp/6000
	rightprotoport=udp/6000
#---------------------------------

However, I want a setup where the port numbers are not assigned statically in
/etc/services, and I fetch them by executing some script such as:-

Statd_portNo=/bin/sh -c "someScript".   

So in a nutshell I want to know if I can (in /etc/ipsec.conf) do this:-

(snippet in /etc/ipsec.conf gateway=moon)
#---------------------------------
config setup
          Statd_portNo='/bin/sh -c "someScript"'
conn rw-statd_tcp
	leftprotoport=tcp/${Statd_portNo}
	rightprotoport=tcp/${Statd_portNo}


conn rw-statd_udp
	leftprotoport=udp/${Statd_portNo}
	rightprotoport=udp/${Statd_portNo}
#---------------------------------

---if I can't, where in /etc/ipsec.conf would I put this?:-
Statd_portNo=/bin/sh -c "someScript"

---if I can't use any script, what can I do to use dynamically assigned
port numbers?

thanks in advance

sincerely
luxInteg
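
Added example, not part of the original post and not strongSwan project code: one way to get the effect asked about, assuming ipsec.conf needs literal port values, is to render the conn sections from `rpcinfo -p` output into a file that ipsec.conf pulls in with `include`. The function names, the sample listing and the path /etc/ipsec.d/statd.conf are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration (not from the post): build the statd conn sections from
# the ports rpc.statd currently has registered with the portmapper.

# Constructed sample of `rpcinfo -p` output, so the script runs offline.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  47123  status
    100024    1   tcp  38911  status
    100003    3   tcp   2049  nfs
EOF
}

# statd_port PROTO: read `rpcinfo -p` output on stdin and print the port
# registered for RPC program 100024 (status, i.e. statd) on PROTO.
statd_port() {
    awk -v proto="$1" '$1 == 100024 && $3 == proto { print $4; exit }'
}

# render_conn PROTO PORT: print one conn section. Anything other than tcp/udp
# with a decimal port in 1..65535 is refused, so unexpected script output
# never ends up in the IPsec policy.
render_conn() {
    proto=$1 port=$2
    case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf 'conn rw-statd_%s\n\tleftprotoport=%s/%s\n\trightprotoport=%s/%s\n\n' \
        "$proto" "$proto" "$port" "$proto" "$port"
}

# render_all: read `rpcinfo -p` output on stdin, print both conn sections,
# and fail if statd is not registered for either protocol.
render_all() {
    listing=$(cat)
    for p in tcp udp; do
        render_conn "$p" "$(printf '%s\n' "$listing" | statd_port "$p")" || return 1
    done
}

# Demo on the sample. On the gateway (assumed path, read through an
# "include /etc/ipsec.d/statd.conf" line in ipsec.conf) the call would be:
#   rpcinfo -p | render_all > statd.new && mv statd.new /etc/ipsec.d/statd.conf && ipsec update
sample_rpcinfo | render_all
```

A dynamically assigned port can change whenever statd restarts, so the file has to be regenerated and `ipsec update` run again at that point.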




