<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>The protoport= is a selector that narrows down the IP ranges specified in left/right (or leftsubnet/rightsubnet). </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">The example you quote had type=passthrough so it defines what will not be used for IPSec. The default is type=tunnel which means what to include for IPSec.</div><div id="AppleMailSignature"><br><br>Sent from my iPhone</div><div><br>On Nov 1, 2015, at 12:53, ChenHao <<a href="mailto:earthlovepython@outlook.com">earthlovepython@outlook.com</a>> wrote:<br><br></div><blockquote type="cite"><div>

<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:微软雅黑
}
--></style>
<div dir="ltr">Hi All:<div><br></div><div><span style="font-size: 12pt;">Based on example of </span><span style="color: rgb(31, 73, 125); font-family: Calibri, sans-serif; font-size: 14.6667px;">/etc/ipsec.d/v6neighbor-hole.conf </span><span style="font-size: 12pt;">, the traffic of "ICMPv6 Neighbor Solicitation" or "ICMPv6 Neighbor Solicitation" in encrypted.  Right ? </span></div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">So I think "leftprotoport=17/0" means all UDP traffic is NOT protected by IPSec. Right? </span></div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">Thanks and regards</span></div><div><span style="font-size: 12pt;"><br></span></div><div><span style="font-size: 12pt;">Hao Chen</span></div><div><span style="font-size: 12pt;"><br></span></div><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:SimSun;mso-fareast-theme-font:minor-fareast;mso-bidi-font-family:
"Times New Roman";color:#1F497D;mso-ansi-language:EN-US;mso-fareast-language:
ZH-CN;mso-bidi-language:AR-SA"> <br></span>                                      </div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Swan mailing list</span><br><span><a href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a></span><br><span><a href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a></span><br></div></blockquote></body></html>