On May 22, 2020, at 20:01, Andrew Cagney <[email protected]> wrote: > > On Fri, 22 May 2020 at 13:40, Paul Wouters <[email protected]> wrote: >> >>> On Fri, 22 May 2020, Andrew Cagney wrote: >>> >>> Here's the next subtle issue. From netkey-passthrough-03: >>> >>> conn west-east-passthrough-a >>> also=west-east >>> leftprotoport=tcp/0 >>> rightprotoport=tcp/222 >>> type=passthrough >>> authby=never
>>> > ... and that's what I tried. It broke netkey-passthrough-03. > Because tcp/0 was a "wildcard", the connection was flagged as a > template, and the routing code refused to route it. A passthrough connection can never instantiate (which requires IKE), so we could tweak this and not mark it as template conn based on authby=never Paul _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
