author | Martin Willi <martin@revosec.ch> | 2013-07-25 16:43:19 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-09-04 10:38:37 +0200 |
commit | 6301ec0ac522b6b42cebc7e987cb53764be1abad (patch) | |
tree | ce2664c18c38e86e12320d5b38d0571ccc82e8bd | |
parent | 3070697f9f7cc87e5abd9924dccedda9b2656100 (diff) | |
download | strongswan-6301ec0ac522b6b42cebc7e987cb53764be1abad.tar.bz2 strongswan-6301ec0ac522b6b42cebc7e987cb53764be1abad.tar.xz |
man: add support for multiple addresses/ranges/subnets in ipsec.conf left=
-rw-r--r-- | man/ipsec.conf.5.in | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 61abc0a0e..b85172923 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -488,9 +488,8 @@ Relevant only locally, other end need not agree on it. synonym for .BR lifetime . .TP -.BR left " = <ip address> | <fqdn> | " %any -(required) -the IP address of the left participant's public-network interface +.BR left " = <ip address> | <fqdn> | " %any " | <range> | <subnet> " +The IP address of the left participant's public-network interface or one of several magic values. The value .B %any @@ -510,6 +509,14 @@ If .B %any is used for the remote endpoint it literally means any IP address. +To limit the connection to a specific range of hosts, a range ( +.BR 10.1.0.0-10.2.255.255 +) or a subnet ( +.BR 10.1.0.0/16 +) can be specified, and multiple addresses, ranges and subnets can be separated +by commas. While one can freely combine these items, to initiate the connection +at least one non-range/subnet is required. + Please note that with the usage of wildcards multiple connection descriptions might match a given incoming connection attempt. The most specific description is used in that case. |
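Review bot: the new synopsis line in the first hunk still reads as a choice of one value (`<ip address> | <fqdn> | %any | <range> | <subnet>`), while the paragraph added in the second hunk says multiple addresses, ranges and subnets can be separated by commas. Consider showing the list form in the synopsis itself so the two agree. The hunk also drops the `(required)` marker without the commit message mentioning it; if left= is now optional, the description should say what applies when it is omitted.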
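Review bot: the last sentence added in the second hunk, "to initiate the connection at least one non-range/subnet is required", does not say which address is used for initiating when several single addresses are listed, nor what happens on an initiation attempt when only ranges or subnets are configured. Both are worth stating, since someone who restricts peers with a range or subnet will rely on that behaviour. As a formatting point, the opening and closing parentheses sit on their own input lines around the `.BR` requests, so the rendered page gets a space inside each parenthesis; `.RB ( 10.1.0.0/16 )` and the same form for the range example would avoid that.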