[Openswan Users] Openswan has "interesting traffic" like Cisco ACL?
Willie Gillespie
wgillespie+openswan at es2eng.com
Mon Jul 23 12:30:47 EDT 2012
On 7/21/2012 9:40 AM, Brendan Choi wrote:
> What is the Openswan equivalent to Cisco IOS's "interesting traffic"?
>
> I have Linux Openswan working with a Cisco router. I would like to give
> Openswan the precise IP and TCP traffic I want encrypted, just like with
> a Cisco ACL.
>
> Seems the closest thing is "leftsubnets" and "rightsubnets". I'm new to
> Openswan, so please enlighten me. Thanks!

Yes, leftsubnets will let you define IPs you want encrypted.
leftprotoport can further limit a conn to a specific protocol and port.

As far as I know, Openswan won't do on-demand creation of the tunnels
like Cisco does. It just brings them up and tries to keep them up.
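
The options named in the reply, written out as an ipsec.conf connection. This is an added example, not part of the original message or of the Openswan documentation. The connection name, all addresses and the Cisco ACL shown for comparison are constructed placeholders, and it assumes the Cisco crypto ACL mirrors these selectors.

```conf
# Constructed example: every name and address below is a placeholder.
#
# Cisco side, for comparison: the crypto ACL that marks traffic to encrypt.
#   access-list 101 permit tcp 192.168.2.0 0.0.0.255 10.1.1.0 0.0.0.255 eq 443
#   access-list 101 permit tcp 192.168.2.0 0.0.0.255 10.1.2.0 0.0.0.255 eq 443
#
# Openswan side: left is this Linux host, right is the Cisco router.
#   leftsubnets    networks behind Openswan, one tunnel per listed subnet
#   leftprotoport  protocol/port selector on the left side ("eq 443" above)
#   rightprotoport same protocol on the Cisco side, no port restriction
#   auto=start     bring the tunnels up when the connection is loaded
#
# Comments are kept above the section so that the conn body stays
# one uninterrupted block of indented parameters.
conn cisco-https
    type=tunnel
    authby=secret
    left=203.0.113.10
    leftsubnets={10.1.1.0/24 10.1.2.0/24}
    leftprotoport=tcp/443
    right=198.51.100.20
    rightsubnet=192.168.2.0/24
    rightprotoport=tcp
    auto=start
```

Once the connection is loaded, `ipsec auto --status` lists each instantiated tunnel with its selectors, which can be compared against the ACL on the router. Traffic between the two sites that falls outside these selectors is not covered by this connection.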