Re: [strongSwan] need to allow ssl restriction
Hi Andreas,

My requirement is to pass traffic on a certain port. How can I specify the port numbers in the connection configuration?

Regards,
-sanjay

Please consider the environment before printing this email.

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Monday, March 26, 2012 2:27 PM
To: Shukla, Sanjay
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] need to allow ssl restriction

Hello Sanjay,

you can define a pass shunt policy for TCP port 443. Just have a look at our example scenario:

www.strongswan.org/uml/testresults/ikev2/shunt-policies/

Regards

Andreas

On 26.03.2012 20:12, Shukla, Sanjay wrote:

I am using 4.6.2 charon with IKEv2. What approaches are suggested to allow TLS / 443 traffic restriction so that they are not subject to IPSec?

Regards,
-sanjay

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==

DISCLAIMER: This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unintended recipients are prohibited from taking action on the basis of information in this e-mail. E-mail messages may contain computer viruses or other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. If you are not comfortable with the risks associated with e-mail messages, you may decide not to use e-mail to communicate with IPC. IPC reserves the right, to the extent and under circumstances permitted by applicable law, to retain, monitor and intercept e-mail messages to and from its systems.

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] need to allow ssl restriction
Hi Sanjay,

you can define only a single port per passthrough connection, e.g.

conn p1
     also=pass
     leftprotoport=tcp/0
     rightprotoport=tcp/https
     auto=route

conn p2
     also=pass
     leftprotoport=tcp/0
     rightprotoport=tcp/imaps
     auto=route

conn pass
     type=pass
     authby=never
     leftsubnet=..
     rightsubnet=..

Regards

Andreas

On 03/30/2012 02:57 PM, Shukla, Sanjay wrote:

Hi Andreas,

My requirement is to pass traffic on a certain port. How can I specify the port numbers in the connection configuration?

Regards,
-sanjay

-----Original Message-----
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Monday, March 26, 2012 2:27 PM
To: Shukla, Sanjay
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] need to allow ssl restriction

Hello Sanjay,

you can define a pass shunt policy for TCP port 443. Just have a look at our example scenario:

www.strongswan.org/uml/testresults/ikev2/shunt-policies/

Regards

Andreas

On 26.03.2012 20:12, Shukla, Sanjay wrote:

I am using 4.6.2 charon with IKEv2. What approaches are suggested to allow TLS / 443 traffic restriction so that they are not subject to IPSec?

Regards,
-sanjay

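Added example, not part of the original thread or of strongSwan's own code: once passthrough connections like p1 and p2 above are routed, a Linux gateway should hold kernel policies for those selectors that carry no ESP template. The sketch below filters `ip xfrm policy` text for such policies; the function names are hypothetical and the sample subnets, addresses and priorities are constructed.

```shell
#!/bin/sh
# Added example: find pass (bypass) policies in `ip xfrm policy` output.

# Constructed sample: a TCP/443 shunt in both directions plus one tunnel policy.
sample_policies() {
    cat <<'EOF'
src 10.1.0.0/16 dst 10.2.0.0/16 proto tcp dport 443
    dir out priority 1795 ptype main
src 10.2.0.0/16 dst 10.1.0.0/16 proto tcp sport 443
    dir in priority 1795 ptype main
src 10.1.0.0/16 dst 10.2.0.0/16
    dir out priority 1859 ptype main
    tmpl src 192.0.2.1 dst 192.0.2.2
        proto esp reqid 1 mode tunnel
EOF
}

# Print "<dir>: <selector>" for every policy that has no "tmpl" line (no
# ESP/AH transform attached) and is not "action block": traffic matching
# such a policy is forwarded without IPsec protection.
list_pass_policies() {
    awk '
        function emit() {
            if (sel != "" && !tmpl && !block) print dir ": " sel
        }
        /^src /      { emit(); sel = $0; tmpl = 0; block = 0; dir = "?"; next }
        $1 == "dir"  { dir = $2; if ($0 ~ /action block/) block = 1; next }
        $1 == "tmpl" { tmpl = 1; next }
        END          { emit() }
    '
}

# On a gateway, run: ip xfrm policy | list_pass_policies
sample_policies | list_pass_policies
```

A listed selector that lacks the expected protocol and port means more traffic bypasses IPsec than the passthrough connection was meant to allow.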
[strongSwan] need to allow ssl restriction
I am using 4.6.2 charon with IKEv2. What approaches are suggested to allow TLS / 443 traffic restriction so that they are not subject to IPSec?

Regards,
-sanjay

Re: [strongSwan] need to allow ssl restriction
Hello Sanjay,

you can define a pass shunt policy for TCP port 443. Just have a look at our example scenario:

www.strongswan.org/uml/testresults/ikev2/shunt-policies/

Regards

Andreas

On 26.03.2012 20:12, Shukla, Sanjay wrote:

I am using 4.6.2 charon with IKEv2. What approaches are suggested to allow TLS / 443 traffic restriction so that they are not subject to IPSec?

Regards,
-sanjay