[Swan] subnet syntax

Paul Wouters paul at nohats.ca
Mon Oct 27 22:40:45 EET 2014


On Mon, 27 Oct 2014, Jérémie Vandeville wrote:

> Hi everyone, Strongswan allows a very simple and elegant syntax for
> right/left subnet

>        leftsubnet=10.0.0.0/24[icmp],10.0.0.0/24[tcp/8000]
>        rightsubnet=10.0.1.0/24[icmp],10.0.1.0/24[tcp/%any]
>
> Is it possible to do the same configuration with libreswan?

No. You will need to make two conns using:

conn one
 	also=base
 	leftsubnet=10.0.0.0/24
 	rightsubnet=10.0.1.0/24
 	leftprotoport=icmp
 	rightprotoport=icmp
conn two
 	also=base
 	leftsubnet=10.0.0.0/24
 	rightsubnet=10.0.1.0/24
 	leftprotoport=tcp/8000
 	rightprotoport=tcp/%any
conn base
 	left=....
 	right=...
 	etc.

Paul
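
Added example, not part of the original message and not libreswan code: a small converter that performs the split described above, turning strongSwan-style `subnet[proto/port]` lists into one libreswan conn per selector pair. Pairing left and right selectors by position, the conn name prefix `sel` and the function names are assumptions of this sketch.

```python
import re

# One strongSwan selector: "<subnet>" optionally followed by "[proto]" or "[proto/port]".
SELECTOR = re.compile(r"^(?P<net>[^\[\]\s]+)(?:\[(?P<pp>[^\[\]\s]+)\])?$")

def parse_selectors(value):
    """Split 'net[proto/port],net[...]' into (subnet, protoport-or-None) tuples."""
    out = []
    for item in value.split(","):
        m = SELECTOR.match(item.strip())
        if not m:
            raise ValueError(f"unparseable selector: {item!r}")
        out.append((m.group("net"), m.group("pp")))
    return out

def to_libreswan(leftsubnet, rightsubnet, base="base", prefix="sel"):
    """Emit one conn per selector pair; left and right are paired by position (assumption)."""
    left, right = parse_selectors(leftsubnet), parse_selectors(rightsubnet)
    if len(left) != len(right):
        raise ValueError("left and right selector counts differ; cannot pair by position")
    lines = []
    for i, ((lnet, lpp), (rnet, rpp)) in enumerate(zip(left, right), 1):
        # This script rejects a pair whose two sides name different protocols
        # (or where only one side is restricted) as a likely typo.
        if (lpp is None) != (rpp is None) or (lpp and lpp.split("/")[0] != rpp.split("/")[0]):
            raise ValueError(f"pair {i}: protocol mismatch ({lpp} vs {rpp})")
        lines += [f"conn {prefix}{i}", f"\talso={base}",
                  f"\tleftsubnet={lnet}", f"\trightsubnet={rnet}"]
        if lpp:  # unrestricted subnets get no protoport lines
            lines += [f"\tleftprotoport={lpp}", f"\trightprotoport={rpp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Input taken from the question quoted above.
    print(to_libreswan("10.0.0.0/24[icmp],10.0.0.0/24[tcp/8000]",
                       "10.0.1.0/24[icmp],10.0.1.0/24[tcp/%any]"))
```

The shared `conn base` section with `left=`, `right=` and the remaining settings still has to be written by hand, as in the reply.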

