[Swan-dev] leftikeport= does not set tcp port

Paul Wouters paul at nohats.ca
Wed Sep 16 13:02:55 UTC 2020


On Wed, 16 Sep 2020, Andrew Cagney wrote:

> There is {left,right}ikeport?

Yes, but it does not seem to affect TCP :)

Paul

> On Tue, 15 Sep 2020 at 22:48, Paul Wouters <paul at nohats.ca> wrote:
>
>       Some changes were made a while ago to the TCP port handling. You no
>       longer specify a port in 'config setup'. Instead there is
>       listen-tcp=yes|no and listen-udp=yes|no
>
>       For UDP, you can set custom ikeports using leftikeport= and
>       rightikeport=.
>
>       For TCP, you can set the port to connect to using tcp-remoteport=
>
>       But for the responder/server, we have no way now to specify a
>       non-default TCP port. Current default is 4500.
>
>       Should leftikeport/rightikeport be changed to also set the TCP
>       port? Or should we introduce a lefttcpikeport= and righttcpikeport= ?
>
>       Or should we add a config setup tcp-ports= option that defaults to 4500
>       but can be set to like 4500,443 ?
>
>       Note that we currently do not bind connections to ports. The connections
>       might open the specific port, but then any connection can use it. So
>       perhaps tcp-ports= is the easiest and cleanest solution ?
>
>       Paul
> 
> 
>
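
An added illustration, not part of the thread and not libreswan code: a small Python lint over an ipsec.conf that flags the two cases discussed above, where leftikeport=/rightikeport= is set while listen-tcp=yes (the thread says it only affects UDP) and where tcp-remoteport= points at a non-default port that a responder cannot currently be configured to listen on. The sample config, conn names, addresses and function names are constructed for this example, and the parser assumes the simple indented key=value layout.

```python
DEFAULT_TCP_PORT = 4500  # default TCP listen port stated in the thread
# Constructed sample ipsec.conf; conn names and addresses are made up.
SAMPLE_CONF = """\
config setup
    listen-tcp=yes

conn udp-custom
    left=192.0.2.1
    right=192.0.2.2
    leftikeport=4501

conn tcp-client
    left=192.0.2.1
    right=192.0.2.3
    tcp-remoteport=443
"""

def parse_conf(text):
    """Return {section: {key: value}} for 'config setup' and 'conn NAME' blocks."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line opens a new section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def tcp_port_warnings(text):
    """Flag settings that the thread says do not change the TCP listen port."""
    sections = parse_conf(text)
    if sections.get("config setup", {}).get("listen-tcp") != "yes":
        return []  # no TCP listener, nothing to check
    warnings = []
    for name, opts in sections.items():
        if not name.startswith("conn "):
            continue
        for key in ("leftikeport", "rightikeport"):
            if key in opts:
                warnings.append(f"{name}: {key}={opts[key]} affects UDP only; "
                                f"TCP still listens on {DEFAULT_TCP_PORT}")
        port = opts.get("tcp-remoteport")
        if port and port != str(DEFAULT_TCP_PORT):
            warnings.append(f"{name}: tcp-remoteport={port} needs a peer listening "
                            f"on TCP {port}; no responder option sets that here")
    return warnings
```

Calling `tcp_port_warnings(SAMPLE_CONF)` returns one warning per flagged conn, in file order.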

