On Fri, Dec 19, 2008 at 01:35:02PM +0000, Tom Evans wrote:
> On Fri, 2008-12-19 at 14:03 +0100, VANHULLEBUS Yvan wrote:
> > 
> > Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does
> > NOT mean "any IP", it does REALLY mean "the network with base
> > address 0.0.0.0 and 0 bits of netmask".
> > 
> > 
> > Yvan.
> 
> Could you define an IPv4 IP address that wouldn't be matched by that
> definition? IE - aren't they both the same thing? I might be being
> dense..

When setting up configurations, I often see people who put 0.0.0.0/0
as a traffic endpoint on one side, and "something else" on the other
side (either in racoon.conf's sainfo sections or in SPD traffic
endpoints), and who think it will work. It won't.

Of course, once you get such an SPD entry, any packet which matches the
other network (myip as source in my previous example) will match the
SPD.




Yvan.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
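
The distinction made in the message above, as an added example that is not part of the original thread and is not racoon's code: a simplified Python model in which negotiation compares the two peers' selectors for exact equality, while SPD lookup tests a packet's addresses for containment. The exact-equality rule, the function names and every address are assumptions constructed for illustration.

```python
import ipaddress

def sel(local, remote):
    """One peer's traffic selectors as (local network, remote network)."""
    return ipaddress.ip_network(local), ipaddress.ip_network(remote)

def peers_agree(a, b):
    """Assumed negotiation rule: each side's local selector must be exactly
    the other side's remote selector (same base address, same prefix length)."""
    return a[0] == b[1] and a[1] == b[0]

def wildcard_reading_agrees(a, b):
    """The mistaken reading: a selector 'covers' whatever the peer declares."""
    return b[0].subnet_of(a[1]) and a[0].subnet_of(b[1])

def packet_matches(entry, src_ip, dst_ip):
    """SPD lookup: here the selector is a prefix that packets fall inside."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return src in entry[0] and dst in entry[1]

# Constructed sample configurations (documentation and private addresses).
PEER_A = sel("192.0.2.10/32", "0.0.0.0/0")             # "myip" to 0.0.0.0/0
PEER_B_MISMATCH = sel("10.1.0.0/16", "192.0.2.10/32")  # "something else"
PEER_B_MATCH = sel("0.0.0.0/0", "192.0.2.10/32")       # same literal network

if __name__ == "__main__":
    for name, peer_b in (("mismatch", PEER_B_MISMATCH), ("match", PEER_B_MATCH)):
        print(name,
              "wildcard reading:", wildcard_reading_agrees(PEER_A, peer_b),
              "exact comparison:", peers_agree(PEER_A, peer_b))
    # Once the entry exists, any packet from 192.0.2.10 matches it.
    for src, dst in (("192.0.2.10", "10.1.2.3"),
                     ("192.0.2.10", "198.51.100.7"),
                     ("192.0.2.11", "10.1.2.3")):
        print(src, "->", dst, packet_matches(PEER_A, src, dst))
```
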
