[Swan-dev] protoport=0/1234
Paul Wouters
paul at nohats.ca
Sat May 23 00:38:02 UTC 2020
On May 22, 2020, at 20:01, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> On Fri, 22 May 2020 at 13:40, Paul Wouters <paul at nohats.ca> wrote:
>>
>>> On Fri, 22 May 2020, Andrew Cagney wrote:
>>>
>>> Here's the next subtle issue. From netkey-passthrough-03:
>>>
>>> conn west-east-passthrough-a
>>>     also=west-east
>>>     leftprotoport=tcp/0
>>>     rightprotoport=tcp/222
>>>     type=passthrough
>>>     authby=never
>>>
> ... and that's what I tried. It broke netkey-passthrough-03.
> Because tcp/0 was a "wildcard", the connection was flagged as a
> template, and the routing code refused to route it.
A passthrough connection can never instantiate (which requires IKE), so we could tweak this and not mark it as a template conn based on authby=never.
Paul
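
A minimal model of the decision discussed in this thread, added here as an illustration and not libreswan code: a port of 0 is read as a wildcard, a wildcard marks the connection as a template (which the thread says the routing code refuses to route), and the suggested tweak skips the template flag when authby=never. The struct and function names are hypothetical, and treating port 0 as the wildcard follows the description quoted above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of one connection end; not libreswan's own structures. */
struct end_model { int proto; int port; bool wildcard_port; };

/* Parse "proto/port", e.g. "tcp/0" or "0/1234". Returns false on bad input. */
static bool parse_protoport(const char *s, struct end_model *e)
{
    const char *slash = strchr(s, '/');
    if (slash == NULL || slash == s || slash[1] == '\0') return false;
    size_t n = (size_t)(slash - s);
    char *endp;
    if (n == 3 && strncmp(s, "tcp", 3) == 0) e->proto = 6;
    else if (n == 3 && strncmp(s, "udp", 3) == 0) e->proto = 17;
    else {
        long p = strtol(s, &endp, 10);
        if (endp != slash || p < 0 || p > 255) return false;
        e->proto = (int)p;
    }
    long port = strtol(slash + 1, &endp, 10);
    if (*endp != '\0' || port < 0 || port > 65535) return false;
    e->port = (int)port;
    e->wildcard_port = (port == 0); /* assumption: 0 is read as "any port" */
    return true;
}

/* Behaviour described in the thread: any wildcard port makes a template. */
static bool is_template_old(const struct end_model *l, const struct end_model *r)
{
    return l->wildcard_port || r->wildcard_port;
}

/* Suggested tweak: authby=never cannot negotiate IKE, so never a template. */
static bool is_template_tweaked(const struct end_model *l,
                                const struct end_model *r, bool authby_never)
{
    return !authby_never && is_template_old(l, r);
}

int main(void)
{
    struct end_model l, r;
    if (!parse_protoport("tcp/0", &l) || !parse_protoport("tcp/222", &r)) return 1;
    printf("old: template=%d  tweaked: template=%d\n",
           is_template_old(&l, &r), is_template_tweaked(&l, &r, true));
    return 0;
}
```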