Specify IPSEC port range using ipsec-tools
- by Sandman4
Is it possible to require IPSEC on a port range ?
I want to require IPSEC for all incoming connections except a few public ports like 80 and 443, but don't want to restrict outgoing connections.
My SPD rules would look like:
spdadd 0.0.0.0/0 0.0.0.0/0[80] tcp -P in none;
spdadd 0.0.0.0/0 0.0.0.0/0[443] tcp -P in none;
spdadd 0.0.0.0/0 0.0.0.0/0[0....32767] tcp -P in esp/require/transport;
In setkey manpage I see IP ranges, but no mention of port ranges.
(The idea is to use IPSEC as a sort of VPN to protect internal communications between multiple servers. Instead of configuring permissions basing on source IPs, or configuring specific ports, I want to demand IPSEC on anything which is not meant to be public - I feel it's less error-prone this way.)