[Openswan dev] Re: per-X controls

Herbert Xu herbert at gondor.apana.org.au
Wed May 24 17:39:04 CEST 2006

Hi Michael:

On Sun, May 21, 2006 at 12:40:27PM -0400, Michael Richardson wrote:
>     Herbert> 2) For the L2TP client case you already know the server
>     Herbert> address which allows you to specify a selector even using
>     Herbert> today's pluto configuration language:
>     Herbert> leftsubnet= rightsubnet= leftprotoport=udp/0
>     Herbert> rightprotoport=udp/1701
>   that says:
> 	 create an SA with a specific origin port (specified by the
> 	 client).
>   you can not say:
> 	 create an SA with %any as the origin port 
>   that is because "%any" is implemented as "0"

I see.

BTW, have you looked at the socket-specific IPsec policy feature in Linux?
That would seem to be a better fit for L2TP/IPsec rather than relying on
random selectors falling into place, no?

