[strongSwan] Question about multiple ports in left/right subnet
onedsc at gmail.com
Wed Jul 23 22:15:52 CEST 2014
Would help if I read the entire section:
"The port value can alternatively take the value *%opaque* for RFC 4301
OPAQUE selectors, or a numerical range
in the form 1024-65535. None of the kernel backends currently supports
opaque or port ranges and uses *%any*
for policy installation instead."
OK this implies that it will silently be replaced with %any if a range is
encountered. Is that correct?
On Wed, Jul 23, 2014 at 12:54 PM, Dan Cook <onedsc at gmail.com> wrote:
> I am trying to figure out how to express port ranges in the left/right
> subnet configuration in the ipsec.conf file.
> I found a feature request here:
> The resolution says:
> "Starting with 5.1.0, port ranges can be configured for left/rightsubnet
> selectors, refer to ipsec.conf(5) for details."
> However there is no example of port ranges in the online docs. Is there
> an example of a port range configuration that can be shared?
> Also there is an additional comment:
> "However, none of our kernel backends support such ranges. As it is
> unlikely that such an extension will be accepted by the Linux networking
> folks, we can't do much about it."
> What exactly does that mean? If you configure ranges SS will:
> 1) do nothing - SS silently ignores them.
> 2) configure the range as individual ports (100-200) will result in 200
> connections being configured.
> 3) Try to send it to the kernel and hopelessly fail
> 4) throw an error and move on
> What options do I have if I need to configure a range of ports?
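
An added example, not part of the original post or of strongSwan: a small check that lists the left/rightsubnet selectors in an ipsec.conf whose port is a range or %opaque, which according to the documentation quoted above the kernel backends install with %any. It assumes the `subnet[proto/port]` selector syntax from ipsec.conf(5); the function name and the sample configuration are constructed for illustration.

```python
import re

# Assumption: selectors follow the ipsec.conf(5) form subnet[proto/port],
# comma-separated. Only selectors that carry a port part are captured.
SEL_WITH_PORT = re.compile(r"([^,\[\]\s]+)\[([^/\]]*)/([^\]]+)\]")
SUBNET_KEY = re.compile(r"^\s*((?:left|right)subnet)\s*=\s*(.+?)\s*$")
CONN = re.compile(r"^conn\s+(\S+)")
PORT_RANGE = re.compile(r"^\d+-\d+$")

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
conn app-servers            # constructed sample
    left=192.0.2.1
    leftsubnet=10.1.0.0/16[tcp/1024-65535]
    rightsubnet=10.2.0.0/16[tcp/443],10.3.0.0/16[udp/%opaque]

conn dns
    leftsubnet=10.1.0.0/16[udp/53]
"""

def widened_selectors(conf_text):
    """Return (conn, key, selector, reason) for every selector whose port
    is a range or %opaque, i.e. one the quoted documentation says is
    installed in the kernel policy with %any instead."""
    findings = []
    conn = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        m = CONN.match(line)
        if m:
            conn = m.group(1)
            continue
        m = SUBNET_KEY.match(line)
        if not m:
            continue
        key, value = m.groups()
        for net, proto, port in SEL_WITH_PORT.findall(value):
            if port == "%opaque":
                reason = "opaque"
            elif PORT_RANGE.match(port):
                reason = "range"
            else:
                continue                     # single port: nothing to flag
            findings.append((conn, key, f"{net}[{proto}/{port}]", reason))
    return findings

if __name__ == "__main__":
    for conn, key, selector, reason in widened_selectors(SAMPLE_CONF):
        print(f"conn {conn}: {key} {selector} ({reason}) -> kernel policy uses %any")
```

Each flagged selector is one where the traffic matched by the installed kernel policy can be broader than the configured ports, so any port restriction has to be enforced elsewhere.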