AFAIK it's not supported in IKE, so it's not supported in ipsec.conf
On Thu, Sep 04, 2008 at 10:37:25AM +0200, Michael wrote:
> Hi,
>
> I am trying to setup IPsec and also exclude some parts from getting
> processed by IPsec.
>
> In IPSEC.CONF(5) the description says
>
> [...]
> from src [port sport] to dst [port dport]
> [...]
> The optional port modifiers restrict the flows to the specified ports
> [...]
>
> It is possible to supply multiple src and dst adresses if inside {}.
>
> However, I also would like to add a portrange instead of having to
> manually write one entry for every flow, but it seems that it is only
> possible to add one single port.
>
> Is that right? Did someone manage to add a portrange?
>
> I would need something like:
> flow esp proto udp from X.X.X.X to Y.Y.Y.Y port 5000:5050 type bypass
>
>
> Thanks in advance,
> Michael
