man: add support for multiple addresses/ranges/subnets in ipsec.conf left=
parent
3070697f9f
commit
6301ec0ac5
|
@ -488,9 +488,8 @@ Relevant only locally, other end need not agree on it.
|
||||||
synonym for
|
synonym for
|
||||||
.BR lifetime .
|
.BR lifetime .
|
||||||
.TP
|
.TP
|
||||||
.BR left " = <ip address> | <fqdn> | " %any
|
.BR left " = <ip address> | <fqdn> | " %any " | <range> | <subnet> "
|
||||||
(required)
|
The IP address of the left participant's public-network interface
|
||||||
the IP address of the left participant's public-network interface
|
|
||||||
or one of several magic values.
|
or one of several magic values.
|
||||||
The value
|
The value
|
||||||
.B %any
|
.B %any
|
||||||
|
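Review bot: The new synopsis line `.BR left " = <ip address> | <fqdn> | " %any " | <range> | <subnet> "` presents range and subnet only as further alternatives, so the synopsis does not show that several comma-separated items are accepted, which is what the commit subject promises; consider showing the list form there. The same hunk also drops the "(required)" line, which the commit subject does not mention. If left= is no longer mandatory the text should say what happens when it is omitted, otherwise the marker should stay. Minor: the last quoted string ends with a space inside the quotes.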
@ -510,6 +509,14 @@ If
|
||||||
.B %any
|
.B %any
|
||||||
is used for the remote endpoint it literally means any IP address.
|
is used for the remote endpoint it literally means any IP address.
|
||||||
|
|
||||||
|
To limit the connection to a specific range of hosts, a range (
|
||||||
|
.BR 10.1.0.0-10.2.255.255
|
||||||
|
) or a subnet (
|
||||||
|
.BR 10.1.0.0/16
|
||||||
|
) can be specified, and multiple addresses, ranges and subnets can be separated
|
||||||
|
by commas. While one can freely combine these items, to initiate the connection
|
||||||
|
at least one non-range/subnet is required.
|
||||||
|
|
||||||
Please note that with the usage of wildcards multiple connection descriptions
|
Please note that with the usage of wildcards multiple connection descriptions
|
||||||
might match a given incoming connection attempt. The most specific description
|
might match a given incoming connection attempt. The most specific description
|
||||||
is used in that case.
|
is used in that case.
|
||||||
|
|
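Review bot: The added sentence "to initiate the connection at least one non-range/subnet is required" leaves open which entry is used when several single addresses or FQDNs are listed, and whether %any counts as a "non-range/subnet". The text also does not say how a range or subnet ranks against %any under the "most specific description is used" rule in the following paragraph. Since these values decide which peers can match a connection description, both points should be spelled out. Formatting: `.BR 10.1.0.0-10.2.255.255` placed between a line ending in "(" and one starting with ")" renders with spaces inside the parentheses; `.RB ( 10.1.0.0-10.2.255.255 )` avoids that, and the same applies to the subnet example.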