Feature #278: Strongswan don't support port ranges in left/rightprotoport - strongSwan

Feature #278

Strongswan don't support port ranges in left/rightprotoport

Added by Jürgen Meier over 7 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Martin Willi

Category:

charon

Target version:

5.2.0

Start date:

11.01.2013

Due date:

Estimated time:

Resolution:

Fixed

Description

A support of port ranges in ipsec.conf parameters left/rightprotoport is very helpful to split udp applications on different SAs if the peer has only one IP Address.

History

#1 Updated by Martin Willi over 7 years ago

Assignee deleted (~~Andreas Steffen~~)
Target version deleted (~~5.0.2~~)

charon can handle port ranges internally for IKEv2. However, the Linux kernel does not (and probably never will) support port ranges. While extending our configuration backend would be trivial, it wouldn't be of any use.

#2 Updated by Martin Willi about 6 years ago

Status changed from New to Closed
Assignee set to Martin Willi
Target version set to 5.2.0
Resolution set to Fixed

Starting with 5.1.0, port ranges can be configured for left/rightsubnet selectors, refer to ipsec.conf(5) for details.

However, none of our kernel backends support such ranges. As it is unlikely that such an extension will be accepted by the Linux networking folks, we can't do much about it.

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues

Feature #278

Strongswan don't support port ranges in left/rightprotoport

History

#1 Updated by Martin Willi over 7 years ago

#2 Updated by Martin Willi about 6 years ago