man: add support for multiple addresses/ranges/subnets in ipsec.conf left=
This commit is contained in:
Martin Willi
parent
3070697f9f
commit
6301ec0ac5
|
|
@ -488,9 +488,8 @@ Relevant only locally, other end need not agree on it.
|
|||
synonym for
|
||||
.BR lifetime .
|
||||
.TP
|
||||
.BR left " = <ip address> | <fqdn> | " %any
|
||||
(required)
|
||||
the IP address of the left participant's public-network interface
|
||||
.BR left " = <ip address> | <fqdn> | " %any " | <range> | <subnet> "
|
||||
The IP address of the left participant's public-network interface
|
||||
or one of several magic values.
|
||||
The value
|
||||
.B %any
|
||||
|
|
@ -510,6 +509,14 @@ If
|
|||
.B %any
|
||||
is used for the remote endpoint it literally means any IP address.
|
||||
|
||||
To limit the connection to a specific range of hosts, a range (
|
||||
.BR 10.1.0.0-10.2.255.255
|
||||
) or a subnet (
|
||||
.BR 10.1.0.0/16
|
||||
) can be specified, and multiple addresses, ranges and subnets can be separated
|
||||
by commas. While one can freely combine these items, to initiate the connection
|
||||
at least one non-range/subnet is required.
|
||||
|
||||
Please note that with the usage of wildcards multiple connection descriptions
|
||||
might match a given incoming connection attempt. The most specific description
|
||||
is used in that case.
|
||||
|
|
|
|||
Loading…
Reference in New Issue