aboutsummaryrefslogtreecommitdiffstats
path: root/man/ipsec.conf.5.in
diff options
context:
space:
mode:
authorMartin Willi <martin@revosec.ch>2013-03-01 11:27:12 +0100
committerMartin Willi <martin@revosec.ch>2013-03-01 11:27:12 +0100
commita36b49f3cb941869127bccd0a30fd1ff4905dc82 (patch)
tree090178e3ed9770feedde5d52a5eb53b930c15c97 /man/ipsec.conf.5.in
parent53fcc70acc553c7f44c43d452ee73b5ac7c1b484 (diff)
parentb443fa61231357a4c09f0bfed22be05727427cda (diff)
downloadstrongswan-a36b49f3cb941869127bccd0a30fd1ff4905dc82.tar.bz2
strongswan-a36b49f3cb941869127bccd0a30fd1ff4905dc82.tar.xz
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
Diffstat (limited to 'man/ipsec.conf.5.in')
-rw-r--r--man/ipsec.conf.5.in8
1 files changed, 8 insertions, 0 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index c623186d9..3c0071694 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -742,6 +742,14 @@ can be used to the same effect, e.g.
.B leftprotoport=udp/%any
or
.BR leftprotoport=%any/53 .
+
+The port value can alternatively take the value
+.B %opaque
+for RFC 4301 OPAQUE selectors, or a numerical range in the form
+.BR 1024-65535 .
+None of the kernel backends currently supports opaque or port ranges and uses
+.B %any
+for policy installation instead.
.TP
.BR leftrsasigkey " = <raw rsa public key> | <path to public key>"
the left participant's public key for RSA signature authentication, in RFC 2537