Because that's how it's implemented in this case. Read the linked pages in the description.

On January 21, 2020 8:27:03 AM UTC, Victor Sudakov <v...@sibptus.ru> wrote:
>Victor Sudakov wrote:
>>
>> If you mean the "Host-To-Host transport mode" example at
>> https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
>> this is exactly what I would like explained a bit:
>>
>> 1. Why does the example use "right=%any rightsubnet=192.168.1.0/24"
>> instead of just "right=192.168.1.0/24" ?
>>
>> 2. Does not "right=%any" mean that Strongswan will try to encrypt any
>> outgoing connection?
>>
>> I've of course read man ipsec.conf, but the semantics of
>> {left,right}subnet in *transport* mode is still not quite clear to me.
>
>If I understand correctly then
>
>1. "{left,right}subnet" means the traffic which should trigger the
>creation of a SA.
>
>2. {left,right} mean the SA peers (endpoints).
>
>Is this correct?
>
>Still I don't understand why the example uses "right=%any" for multiple
>hosts from the "rightsubnet". How is that (SA peer selection?)
>supposed to work?
>
>--
>Victor Sudakov, VAS4-RIPE, VAS47-RIPN
>2:5005/49@fidonet http://vas.tomsk.ru/

Sent from mobile