[strongSwan] IPv6, whole /64 in transport mode

noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Jan 21 09:31:15 CET 2020


Because that's how it's implemented in this case. Read the linked pages in the description.

On January 21, 2020 8:27:03 AM UTC, Victor Sudakov <vas at sibptus.ru> wrote:
>Victor Sudakov wrote:
>> 
>> If you mean the "Host-To-Host transport mode" example at
>> https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
>> this is exactly what I would like explained a bit:
>> 
>> 1. Why does the example use "right=%any rightsubnet=192.168.1.0/24"
>> instead of just "right=192.168.1.0/24" ?
>> 
>> 2. Does not "right=%any" mean that Strongswan will try to encrypt any
>> outgoing connection?
>> 
>> I've of course read man ipsec.conf, but the semantics of
>> {left,right}subnet in *transport* mode is still not quite clear to
>> me.
>
>If I understand correctly then
>
>1.  "{left,right}subnet" means the traffic which should trigger the
>creation of a SA.
>
>2. {left,right} mean the SA peers (endpoints).
>
>Is this correct?
>
>Still I don't understand why the example uses "right=%any" for multiple
>hosts from the "rightsubnet". How is that (SA peer selection?)
>supposed to work?
>
>-- 
>Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
>2:5005/49 at fidonet http://vas.tomsk.ru/

Sent from mobile