On Sun, 24 May 2020, Tuomo Soini wrote:
On Fri, 22 May 2020 14:00:54 -0400 (EDT)
Paul Wouters <[email protected]> wrote:
ip: add .any_port to ip_protoport, seems tcp/0 and tcp/%any are
subtly different
Warning. A connection containing %any (I think even in protoports=)
becomes a template and therefore cannot initiate. That's a limit in
our implementation. I think most of the tcp/0 is really a tcp/%any but
"we need to be able to initiate" workaround.
tcp/%any means any single port proposed by remote.
Ah that is true actually. But how does the initiator say the same thing?
It cannot use %any because the connection would not be able to initiate
as it would become a template. I guess we might only support using an
ephemeral port in the responder, and assume the initiator always uses
a static port?
Paul