The protoport= is a selector that narrows down the IP ranges specified in left/right (or leftsubnet/rightsubnet).
The example you quote had type=passthrough so it defines what will not be used for IPSec. The default is type=tunnel which means what to include for IPSec.

Sent from my iPhone

> On Nov 1, 2015, at 12:53, ChenHao <[email protected]> wrote:
>
> Hi All:
>
> Based on example of /etc/ipsec.d/v6neighbor-hole.conf , the traffic of
> "ICMPv6 Neighbor Solicitation" or "ICMPv6 Neighbor Solicitation" in
> encrypted. Right ?
>
> So I think "leftprotoport=17/0" means all UDP traffic is NOT protected by
> IPSec. Right?
>
>
> Thanks and regards
>
> Hao Chen
>
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
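Added example, not part of the original thread and not libreswan code: a small Python model of the point made in the reply, showing that protoport only narrows which packets a conn selects, while type= decides whether the selected packets are protected or bypassed. The Conn class, the verdict function, the sample subnets and the "narrower selector wins on overlap" rule are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    """Constructed model of one conn's traffic selector (not libreswan code)."""
    name: str
    leftsubnet: str
    rightsubnet: str
    proto: int = 0        # 0 = no protoport= given, any protocol
    lport: int = 0        # 0 = any port, as in leftprotoport=17/0
    rport: int = 0
    type: str = "tunnel"  # the default per the reply; or "passthrough"

    def matches(self, src, dst, proto, sport, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.leftsubnet)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.rightsubnet)
                and self.proto in (0, proto)
                and self.lport in (0, sport)
                and self.rport in (0, dport))

    def specificity(self):
        # Assumption of this model: the narrower selector wins on overlap.
        nets = (ipaddress.ip_network(self.leftsubnet),
                ipaddress.ip_network(self.rightsubnet))
        return (sum(n.prefixlen for n in nets), self.proto != 0,
                (self.lport != 0) + (self.rport != 0))

def verdict(conns, src, dst, proto, sport, dport):
    """Return (conn name, action) for a packet sent from the left side."""
    hits = [c for c in conns if c.matches(src, dst, proto, sport, dport)]
    if not hits:
        return (None, "no-policy")   # outside every selector: IPsec not applied
    best = max(hits, key=Conn.specificity)
    return (best.name, "bypass" if best.type == "passthrough" else "protect")

# Constructed sample policies: a subnet tunnel with a UDP hole, and a UDP-only tunnel.
HOLE = [Conn("lan-to-lan", "10.0.1.0/24", "10.0.2.0/24"),
        Conn("udp-hole", "10.0.1.0/24", "10.0.2.0/24", proto=17, type="passthrough")]
UDP_ONLY = [Conn("udp-only", "10.0.1.0/24", "10.0.2.0/24", proto=17)]

if __name__ == "__main__":
    for label, conns in (("HOLE", HOLE), ("UDP_ONLY", UDP_ONLY)):
        for proto, name in ((6, "tcp"), (17, "udp")):
            print(label, name, verdict(conns, "10.0.1.5", "10.0.2.9", proto, 40000, 53))
```

With the same 17/0 selector, the passthrough conn leaves UDP outside IPsec while the rest of the subnet pair stays protected; as a tunnel conn on its own it protects only UDP and leaves everything else without a policy.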
