[strongSwan] Question about multiple ports in left/right subnet

Dan Cook onedsc at gmail.com
Wed Jul 23 22:15:52 CEST 2014


Would help if I read the entire section:

"The port value can alternatively take the value *%opaque* for RFC 4301
OPAQUE selectors, or a numerical range
in the form 1024-65535. None of the kernel backends currently supports
opaque or port ranges and uses *%any*
for policy installation instead."

OK, this implies that it will silently be replaced with %any if a range is
encountered.  Is that correct?




On Wed, Jul 23, 2014 at 12:54 PM, Dan Cook <onedsc at gmail.com> wrote:

> I am trying to figure out how to express port ranges in the left/right
> subnet configuration in the ipsec.conf file.
>
> I found a feature request here:
> https://wiki.strongswan.org/issues/278
>
> The resolution says:
> "Starting with 5.1.0, port ranges can be configured for left/rightsubnet
> selectors, refer to ipsec.conf(5) for details."
>
> However there is no example of port ranges in the online docs.  Is there
> an example of a port range configuration that can be shared?
>
> Also there is an additional comment:
> "However, none of our kernel backends support such ranges. As it is
> unlikely that such an extension will be accepted by the Linux networking
> folks, we can't do much about it."
>
> What exactly does that mean?  If you configure ranges SS will:
> 1) do nothing - SS silently ignores them.
> 2) configure the range as individual ports (100-200) will result in 200
> connections being configured.
> 3) Try to send it to the kernel and hopelessly fail
> 4) throw an error and move on
>
> What options do I have if I need to configure a range of ports?
>
> Regards,
> Dan
>
>
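
A check for the behaviour the quoted ipsec.conf(5) text describes, as an added example that is not part of the original messages or of strongSwan: it scans ipsec.conf text and lists every left/rightsubnet selector whose port is a range or %opaque, which the quoted text says the kernel backends install as %any. The `subnet[proto/port]` selector syntax is taken from ipsec.conf(5), not from the thread, and the sample configuration is constructed.

```python
import re

# left/rightsubnet option line, with an optional trailing comment.
SUBNET_LINE = re.compile(r'^\s*(left|right)subnet\s*=\s*(.+?)\s*(?:#.*)?$')
# One selector: subnet[proto/port]; syntax per ipsec.conf(5) (assumption,
# the thread itself shows no example).
SELECTOR = re.compile(r'([^\s,\[\]]+)\[([^\]/]*)(?:/([^\]]*))?\]')
PORT_RANGE = re.compile(r'^\d+-\d+$')


def find_widened_selectors(conf_text):
    """Return (conn, option, subnet, proto, port) for each selector whose port
    is a numeric range or %opaque, i.e. one that the quoted man page text says
    is installed in the kernel policy with %any instead."""
    findings = []
    conn = None
    for line in conf_text.splitlines():
        m = re.match(r'^conn\s+(\S+)', line)
        if m:
            conn = m.group(1)
            continue
        m = SUBNET_LINE.match(line)
        if not m:
            continue
        option = m.group(1) + 'subnet'
        for subnet, proto, port in SELECTOR.findall(m.group(2)):
            if port == '%opaque' or PORT_RANGE.match(port):
                findings.append((conn, option, subnet, proto, port))
    return findings


# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
conn app
    leftsubnet=10.1.0.0/16[tcp/1024-65535],10.2.0.0/16[udp/53]
    rightsubnet=192.0.2.0/24[tcp/%opaque]  # constructed
conn plain
    leftsubnet=10.9.0.0/16
"""

if __name__ == '__main__':
    for conn, option, subnet, proto, port in find_widened_selectors(SAMPLE_CONF):
        print(f'conn {conn}: {option} {subnet}[{proto}/{port}] '
              f'-> kernel policy uses port %any')
```
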