On 03/26/2011 12:00 PM, VANHULLEBUS Yvan wrote:
On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
Hi,
Hi.


If one has multiple entries in the SPD, some representing more specific
network addresses not to be encrypted and sent over an
ipsec tunnel vs more general networks that would be encrypted, would this
work?

In other words, say I have a x.x.0.0/16 that should be encrypted, but in that
x.x.0.0/16 I don't want x.x.84.0/23
to be encrypted; could I do that? If so, is it dependent on the order the SPD
entries are made?
Yes, SPD entries are ordered.

Just set up first specific SPD entries for traffic which must not be
encrypted, then the tunnel/transport entries for networks.


Yvan.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Hi Yvan,

Thanks for the info.
I for one certainly appreciate all you and Timo do for ipsec-tools.


Regards,
Steve

--

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)
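
The ordering described in the thread, written as a setkey(8) policy file. This is an added example, not a configuration posted by anyone in the thread. All addresses are constructed placeholders: 10.20.0.0/16 stands in for x.x.0.0/16, 10.20.84.0/23 for x.x.84.0/23, 192.168.1.0/24 is an assumed local network, and 203.0.113.1 and 203.0.113.2 are assumed tunnel endpoints.

```conf
# Start from an empty SAD and SPD so insertion order is exactly what this file defines.
flush;
spdflush;

# 1. Specific entries first: traffic to and from the /23 is passed in the clear.
#    "none" means no IPsec processing is applied to matching packets.
spdadd 192.168.1.0/24 10.20.84.0/23 any -P out none;
spdadd 10.20.84.0/23 192.168.1.0/24 any -P in  none;

# 2. General entries second: everything else in the /16 goes through the ESP tunnel.
#    "require" drops matching packets when no SA is available instead of
#    letting them leave unencrypted.
spdadd 192.168.1.0/24 10.20.0.0/16 any -P out ipsec
    esp/tunnel/203.0.113.1-203.0.113.2/require;
spdadd 10.20.0.0/16 192.168.1.0/24 any -P in  ipsec
    esp/tunnel/203.0.113.2-203.0.113.1/require;
```

After loading the file with `setkey -f`, `setkey -DP` dumps the SPD so the order of the entries can be checked. If the /16 entries come first, traffic for the /23 matches the tunnel policy instead of the bypass.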


