It appears it can only take one IP address. listen IP address to listen on, defaults to ANY. Currently only accepts one IP address.
Is there any way to specify multiple Ip interfaces or subnets? From: Mamta Gambhir via Swan <[email protected]> Date: Tuesday, April 1, 2025 at 11:00 PM To: Andrew Cagney <[email protected]> Cc: [email protected] <[email protected]> Subject: [Swan] Re: [External] : Re: Exclude interfaces Thank you so much.Will try it now. For multiple interfaces, do space separated ip addresses work? From: Andrew Cagney <[email protected]> Date: Tuesday, April 1, 2025 at 6:48 PM To: Mamta Gambhir <[email protected]> Cc: [email protected] <[email protected]> Subject: [External] : Re: [Swan] Exclude interfaces listen=IP see https://urldefense.com/v3/__https://testing.libreswan.org/v5.2-344-g6f074291e0/addconn-21-config-setup-listen/__;!!ACWV5N9M2RV99hQ!Lq5eV7WhbSPS7gw3QsQlH87g-uI9Xt5yJXT1tW-x__3VxmL79_seXcLcuQAvmJLfGm9TmQt2xbDb9nlYlEWeaW8KwA$<https://urldefense.com/v3/__https:/testing.libreswan.org/v5.2-344-g6f074291e0/addconn-21-config-setup-listen/__;!!ACWV5N9M2RV99hQ!Lq5eV7WhbSPS7gw3QsQlH87g-uI9Xt5yJXT1tW-x__3VxmL79_seXcLcuQAvmJLfGm9TmQt2xbDb9nlYlEWeaW8KwA$> On Tue, 1 Apr 2025 at 17:08, Mamta Gambhir via Swan <[email protected]> wrote: > > Hello, > > s there any way to exclude certain interfaces completely on ipsec start i.e > when pluto daemon does addconn it skips say interface - dlre1 and only adds > dlre0. > > Basically those interfaces stay invisible to pluto. > > > > Mar 26 15:22:14 pluto[18722]: listening for IKE messages > > Mar 26 15:22:14 pluto[18722]: Kernel supports NIC esp-hw-offload > > Mar 26 15:22:14 pluto[18722]: adding UDP interface dlre1 10.106.135.28:500 > > Mar 26 15:22:14 pluto[18722]: adding UDP interface dlre1 10.106.135.28:4500 > > Mar 26 15:22:14 com pluto[18722]: adding UDP interface dlre0 192.168.58.99:500 > > Mar 26 15:22:14 pluto[18722]: adding UDP interface dlre0 192.168.58.99:4500 > > Mar 26 15:22:14 pluto[18722]: adding UDP interface eth0 10.31.10.8:500 > > > > I couldn’t find anything in ipsec.conf to do that. > > Thanks > > Mamta > > _______________________________________________ > Swan mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ Swan mailing list -- [email protected] To unsubscribe send an email to [email protected]
