On Tue, 23 Jan 2018, António Silva wrote:
I tried to set leftprotoport/rightprotoport=udp/4789; I can ping the IP
on boxB going through the VXLAN, but the traffic is not encrypted.
Well yes, ping does not use udp port 4789 :)
Sowmini, you suggest using two tunnels, how should they be?
conn boxA
[...]
leftprotoport=udp/4789
rightprotoport=udp/4789
I think you want:
conn boxA-out
[...]
leftprotoport=udp
rightprotoport=udp/4789
conn boxA-in
[...]
leftprotoport=udp/4789
rightprotoport=udp
That covers two flows: any ephemeral port to remote UDP 4789,
and any ephemeral port from remote to local UDP 4789.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan