[Swan] subnet syntax
Paul Wouters
paul at nohats.ca
Mon Oct 27 22:40:45 EET 2014
On Mon, 27 Oct 2014, Jérémie Vandeville wrote:
> Hi everyone, Strongswan allow a very simple and elegant syntax for
> right/left subnet
> leftsubnet=10.0.0.0/24[icmp],10.0.0.0/24[tcp/8000]
> rightsubnet=10.0.1.0/24[icmp],10.0.1.0/24[tcp/%any]
>
> Is it possible to do the same configuration with libreswan ?
No. You will need to make two conns using:
conn one
also=base
leftsubnet=10.0.0.0/24
rightsubnet=10.0.1.0/24
leftprotoport=icmp
rightprotoport=icmp
conn two
also=base
leftsubnet=10.0.0.0/24
rightsubnet=10.0.1.0/24
leftprotoport=tcp/8000
rightprotoport=tcp/%any
conn base
left=....
right=...
etc.
Paul
More information about the Swan
mailing list