Matthew Emmerton wrote:
> I have this:
>
> spdadd 10.0.2.0/26 10.0.2.128/28 any -P in ipsec
> esp/tunnel/209.167.75.124-209.167.75.123/require;
> spdadd 10.0.2.128/28 10.0.2.0/26 any -P out ipsec
> esp/tunnel/209.167.75.123-209.167.75.124/require;
>
> Although now I'm slightly confused since I had switched from 'tunnel' to
> 'transport' after someone pointed out that since gif is a tunnel, I don't
> have to rely on IPSec's 'tunnel' mode do do the encapsulation.
You're using transport mode SAs (over an IP tunnel, but still not "IPsec
tunnel mode"), so this should be "transport" not "tunnel".
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
