[Openswan dev] Re: per-X controls
Herbert Xu
herbert at gondor.apana.org.au
Wed May 24 17:39:04 CEST 2006
Hi Michael:

On Sun, May 21, 2006 at 12:40:27PM -0400, Michael Richardson wrote:
>
> Herbert> 2) For the L2TP client case you already know the server
> Herbert> address which allows you to specify a selector even using
> Herbert> today's pluto configuration language:
>
> Herbert> leftsubnet= rightsubnet= leftprotoport=udp/0
> Herbert> rightprotoport=udp/1701
>
> that says:
> create an SA with a specific origin port (specified by the
> client).
>
> you can not say:
> create an SA with %any as the origin port
>
> that is because "%any" is implemented as "0"

I see.

BTW, have you looked at the socket-specific IPsec policy feature in Linux?
That would seem to be a better fit for L2TP/IPsec rather than relying on
random selectors falling into place, no?

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt