On Wed, 21 Nov 2018, Kirill Logachev wrote:
Thanks for fixing the docs! Yes, not specifying 0/0 in clear fixes the problem.
Good!
Priorities for the OE still seems a little confusing, probably some documentation around it would be helpful.
The idea is that no one should need to use manual priorties, and that priorities are based on "longest prefix first". However, this cannot cover all possibly scenarios so priority can be used for the exceptional cases where our guess on longest prefix first is wrong. I think this really onlt comes into play when you include protoport selectors. For example, one might to add 0.0.0.0:tcp:22 to "clear" to avoid double encryption. It would have to be prioritized over say 1.2.3.4/32 in "private" which has a longer prefix. In general, we advise people not to play tricks with protoports.
Please let me know if I can help with it.
Anyone who wants to help with documentation is welcome. We are a wiki but we limited user registration because of spam. Anyone who wants to help can just request a wiki user. And we welcome all help with documentation. Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
