[Openswan Users] May I set up a tunnel to protect only somepacket
Xiuduan Fang
xf4c at cs.virginia.edu
Sat Mar 12 12:18:48 CET 2005
Thank you for your help. The left/rightprotoport parameters work. But once I
used these parameters, I found only the packets through the designate ports
were allowed, and all the other packets were suppressed. For instance, I
set left/rightprotoport to be icmp, then I could ping the other end host and
the packtes were also protected but I could not use sftp or other
applications. This is not what I want. I want to protect only some packets
but all the other packets are still allowed to pass in clear text. Any
hints?
----- Original Message -----
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Monday, February 28, 2005 3:37 AM
Subject: Re: [Openswan Users] May I set up a tunnel to protect only
somepacket
> Xiuduan Fang wrote:
>
>> I have set up a host-to-host tunnel using openswan. But this tunnel
>> protects all the packets between the two hosts. I am wondering if I can
>> configure ipsec.conf to protect only part of packets, for example,
>> packtets generated by a specific application, eg. FTP.
>
> You can use the left/rightprotoport parameters. See also:
> http://www.strongsec.com/freeswan/install.htm#section_4.5
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list