[Swan] How to recognize an HTTP request that passes through the IPSec channel?
Michael Furman
michael_furman at hotmail.com
Tue May 31 08:07:41 UTC 2016
Thank you for your answers!
Unfortunately I cannot use iptables.
The request to the server can come both from the IPSec channel and from an end user UI via another port (443).
The question is whether I can somehow recognize on the server that the request comes from the IPSec channel
(that is, passes IPsec encryption).
> From: lsorense at csclub.uwaterloo.ca
> Date: Sun, 29 May 2016 14:32:04 -0400
> To: paul at nohats.ca
> CC: michael_furman at hotmail.com; swan at lists.libreswan.org
> Subject: Re: [Swan] How to recognize an HTTP request that passes through the IPSec channel?
>
> On Sun, May 29, 2016 at 02:13:19PM -0400, Paul Wouters wrote:
> > You can limit the tunnel to only allow port 80 traffic using leftprotoport=tcp/80 and rightprotoport=tcp/0
> >
> > But then you still need to be sure unencrypted traffic is blocked if that's what you want to happen.
>
> And of course HTTP traffic on a different port won't work. That would
> require a much more advanced way to recognize the protocol, and in fact
> iptables may in fact be the right tool for that.
>
> --
> Len Sorensen