[strongSwan] Wrong traffic selecting on local side.

Tobias Brunner tobias at strongswan.org
Mon Aug 7 11:26:34 CEST 2017


Hi Jaehong,

> This is the charon.log with debug level 2, when the problem happens.
> At the end of selecting ts for us, it picks tcp_udp_4001 instead of
> selecting icmp_any.
> Is this a bug?

Not really.  The tcp_udp_4001 connection allows any protocol, so when
the peer proposes ICMP that's perfectly acceptable.  The port 4001 is
interpreted as ICMP type and code in the upper and lower bytes, i.e. 15
and 161, respectively.  And this type of narrowing is perfectly fine.

Regards,
Tobias
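
The narrowing described above, as an added example that is not part of the original message and not strongSwan's own code. It is a simplified model of selector narrowing with addresses left out; the struct, the function names and the peer's proposal (ICMP, any type/code) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PROTO_ANY  0   /* protocol 0 in a selector means "any protocol" */
#define PROTO_ICMP 1

/* Simplified selector (addresses omitted): protocol plus inclusive port range. */
struct ts { uint8_t proto; uint16_t from_port, to_port; };

/* Narrow a and b to their common subset; returns 0 when there is none. */
int ts_narrow(const struct ts *a, const struct ts *b, struct ts *out)
{
    if (a->proto != PROTO_ANY && b->proto != PROTO_ANY && a->proto != b->proto)
        return 0;
    out->proto = a->proto != PROTO_ANY ? a->proto : b->proto;
    out->from_port = a->from_port > b->from_port ? a->from_port : b->from_port;
    out->to_port = a->to_port < b->to_port ? a->to_port : b->to_port;
    return out->from_port <= out->to_port;
}

/* For ICMP the 16-bit port field carries type (upper byte) and code (lower byte). */
uint8_t icmp_type(uint16_t port) { return (uint8_t)(port >> 8); }
uint8_t icmp_code(uint16_t port) { return (uint8_t)(port & 0xff); }

int main(void)
{
    /* Constructed values: peer proposes ICMP with any type/code (assumed);
       local selector models tcp_udp_4001 as any protocol, port 4001. */
    struct ts proposed = { PROTO_ICMP, 0, 65535 };
    struct ts configured = { PROTO_ANY, 4001, 4001 };
    struct ts sel;

    if (!ts_narrow(&proposed, &configured, &sel)) {
        puts("no common selector");
        return 1;
    }
    printf("proto %u, ICMP type %u, code %u\n", (unsigned)sel.proto,
           (unsigned)icmp_type(sel.from_port), (unsigned)icmp_code(sel.from_port));
    return 0;
}
```

In this model a configured selector with a specific protocol (for example 6 for TCP) yields no common subset with the ICMP proposal.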

