[strongSwan] IPv6, whole /64 in transport mode

noel.kuntze+strongswan-users-ml at thermi.consulting noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jan 21 09:31:15 CET 2020

Because that's how it's implemented in this case. Read the linked pages in the description.

Am January 21, 2020 8:27:03 AM UTC schrieb Victor Sudakov <vas at sibptus.ru>:
>Victor Sudakov wrote:
>> If you mean the "Host-To-Host transport mode" example at
>> https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
>> this is exactly what I would like explained a bit:
>> 1. Why does the example use "right=%any rightsubnet="
>> instead of just "right=" ?
>> 2. Does not "right=%any" mean that Strongswan will try to encrypt any
>outgoing connection?
>> I've of course read man ipsec.conf, but the semantics of
>> {left,right}subnet in *transport* mode is still not quite clear to
>If I understand correctly then
>1.  "{left,right}subnet" means the traffic which should trigger the
>creation of a SA.
>2. {left,right} mean the SA peers (endpoints).
>Is this correct?
>Still I don't understand why the example uses "right=%any" for multiple
>hosts from the "rightsubnet". How is that (SA peer selection?) is
>supposed to work?
>Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
>2:5005/49 at fidonet http://vas.tomsk.ru/

Sent from mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200121/178746cd/attachment.html>

More information about the Users mailing list