[strongSwan] Possible to specify a %dynamic traffic selector with port?
Glen Huang
heyhgl at gmail.com
Sun Jan 28 10:57:09 CET 2018
Hi,
I currently use 0.0.0.0/0 as the local_ts on my server, and when my mac connects to it via ikev2 vpn, in the routing table I see ipsec0 is used as the default gateway. But it also says if the destination is directly my server, it should go through eth0.
I have a couple services open on the server, and I’d like connection to them to be protected by ipsec too. I wonder what should I specify in local_ts?
I tried local_ts = 0.0.0.0/0,%dynamic[53], but I can not longer connect to the ikev2 vpn, and the error contained "no matching peer config found”. Removing “,%dynamic[53]” fixed it.
Is it possible to specify a port for %dynamic? And is specifying multiple selectors the right approach to protect both the forwarded and direct connection to server?
Regards,
Glen
More information about the Users
mailing list