On Mon, May 08, 2006 at 10:04:29PM -0500, David DeSimone wrote:
> Eugene M. Kim <[EMAIL PROTECTED]> wrote:
> >
> > I haven't tried this myself, but you may want to try using
> > "unique:<policy-id>" instead of "require" as the policy level
>
> After reading up on this behavior, I gave it a try, replacing all
> "require" policies with "unique". I found that there was no need to
> set a policy identifier, as the system apparently chooses a random
> identifier if none is specified, and so all SPD's create unique SAD's as
> a result.

To be more exact, you can set up a manual reqid between 1 and
IPSEC_MANUAL_REQID_MAX (0x3fff by default), or let the system take the
next available value from IPSEC_MANUAL_REQID_MAX+1.

Yvan.

--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
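
An added example, not part of the original thread: a small audit of setkey(8) policy lines that reports, for each IPsec request, whether its level leaves the policy without its own SA ("require" and other non-unique levels), lets the system pick the reqid ("unique"), or uses a manual reqid inside the 1..IPSEC_MANUAL_REQID_MAX range quoted above. The sample policies, addresses and the helper names `classify` and `audit` are constructed for illustration.

```python
import re

# Default value quoted in the message above.
IPSEC_MANUAL_REQID_MAX = 0x3FFF

# Constructed sample setkey(8) policy lines (documentation address ranges).
SAMPLE = """\
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.0.3.0/24 10.0.4.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/unique;
spdadd 10.0.5.0/24 10.0.6.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/unique:100;
spdadd 10.0.7.0/24 10.0.8.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/unique:20000;
"""

# An IPsec request is protocol/mode/src-dst/level; the level may carry ":reqid".
REQUEST = re.compile(
    r"\b(esp|ah|ipcomp)/(tunnel|transport)/([^/\s;]*)/(\w+)(?::(\d+))?"
)


def classify(level, reqid):
    """Map a policy level and optional reqid string to a reqid category."""
    if level != "unique":
        return "shared"        # policy is not bound to an SA of its own
    if reqid is None:
        return "auto"          # system takes the next value above the manual range
    if 1 <= int(reqid) <= IPSEC_MANUAL_REQID_MAX:
        return "manual"        # inside the manual range given in the thread
    return "out-of-range"      # outside the manual range given in the thread


def audit(conf):
    """Return (line number, level, reqid, category) for every spdadd request."""
    results = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop trailing comments
        if not line.lstrip().startswith("spdadd"):
            continue
        for m in REQUEST.finditer(line):
            level, reqid = m.group(4), m.group(5)
            results.append((lineno, level, reqid, classify(level, reqid)))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```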