Would help if I read the entire section: "The port value can alternatively take the value *%opaque* for RFC 4301 OPAQUE selectors, or a numerical range in the form 1024-65535. None of the kernel backends currently supports opaque or port ranges and uses *%any* for policy installation instead."
OK this implies that it will silently be replaced with %any if a range is encountered. Is that correct?

On Wed, Jul 23, 2014 at 12:54 PM, Dan Cook <[email protected]> wrote:
> I am trying to figure out how to express port ranges in the left/right
> subnet configuration in the ipsec.conf file.
>
> I found a feature request here:
> https://wiki.strongswan.org/issues/278
>
> The resolution says:
> "Starting with 5.1.0, port ranges can be configured for left/rightsubnet
> selectors, refer to ipsec.conf(5) for details."
>
> However there is no example of port ranges in the online docs. Is there
> an example of a port range configuration that can be shared?
>
> Also there is an additional comment:
> "However, none of our kernel backends support such ranges. As it is
> unlikely that such an extension will be accepted by the Linux networking
> folks, we can't do much about it."
>
> What exactly does that mean? If you configure ranges SS will:
> 1) do nothing - SS silently ignores them.
> 2) configure the range as individual ports (100-200) will result in 200
> connections being configured.
> 3) Try to send it to the kernel and hopelessly fail
> 4) throw an error and move on
>
> What options do I have if I need to configure a range of ports?
>
> Regards,
> Dan
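
A configuration check based on the ipsec.conf(5) text quoted in this thread, added here as an example and not part of the original messages or of strongSwan: it lists every `leftsubnet`/`rightsubnet` selector whose port is a range or `%opaque`, since the man page says the kernel policy for those uses `%any` instead. The function name, the sample connections and the addresses are constructed, and the `subnet[proto/port]` selector form is assumed from ipsec.conf(5).

```python
import re

# Constructed sample ipsec.conf (connection names and addresses are made up).
SAMPLE_CONF = """\
conn web
    leftsubnet=10.0.0.1[tcp/http],10.0.0.2[6/80]
    rightsubnet=10.2.0.0/16[tcp/1024-65535]
conn dns
    leftsubnet=fec1::1[udp],10.0.0.0/16[/53]
    rightsubnet=10.3.0.0/16[udp/%opaque]  # trailing comment
"""

# subnet optionally followed by [proto/port]
SELECTOR = re.compile(r"^(?P<net>[^\[\]]+)(?:\[(?P<pp>[^\[\]]*)\])?$")
PORT_RANGE = re.compile(r"^\d+-\d+$")


def find_widened_selectors(conf_text):
    """Return (conn, key, selector, reason) for every left/rightsubnet
    selector whose port the kernel policy would carry as %any."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in ("leftsubnet", "rightsubnet"):
            continue
        for sel in (s.strip() for s in value.split(",")):
            m = SELECTOR.match(sel)
            if not m or m.group("pp") is None:
                continue  # no [proto/port] part, nothing to check
            _proto, _, port = m.group("pp").partition("/")
            if port == "%opaque":
                findings.append((conn, key, sel, "opaque"))
            elif PORT_RANGE.match(port):
                findings.append((conn, key, sel, "range"))
    return findings


if __name__ == "__main__":
    for conn, key, sel, reason in find_widened_selectors(SAMPLE_CONF):
        print(f"conn {conn}: {key} {sel}: {reason} port is installed as %any")
```
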
