[Openswan Users] May I set up a tunnel to protect only somepacket

Xiuduan Fang xf4c at cs.virginia.edu
Sat Mar 12 12:18:48 CET 2005

Thank you for your help. The left/rightprotoport parameters work. But once I 
used these parameters, I found only the packets through the designate ports 
were allowed, and all the other packets were suppressed.  For instance, I 
set left/rightprotoport to be icmp, then I could ping the other end host and 
the packtes were also protected but I could not use sftp or other 
applications. This is not what I want. I want to protect only some packets 
but all the other packets are still allowed to pass in clear text. Any 
----- Original Message ----- 
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Monday, February 28, 2005 3:37 AM
Subject: Re: [Openswan Users] May I set up a tunnel to protect only 

> Xiuduan Fang wrote:
>> I have set up a host-to-host tunnel using openswan. But this tunnel 
>> protects all the packets between the two hosts. I am wondering if I can 
>> configure ipsec.conf to protect only part of packets, for example, 
>> packtets generated by a specific application, eg. FTP.
> You can use the left/rightprotoport parameters. See also:
> http://www.strongsec.com/freeswan/install.htm#section_4.5
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users 

More information about the Users mailing list