Hi,
I have a question regarding IPsec tunnel mode AH processing.
ipsec(4) says:
AH tunnel may not work as you might expect. If you configure ``require''
policy against AH tunnel for inbound, tunneled packets will be rejected.
This is because AH authenticates encapsulating (outer) packet,
<[EMAIL PROTECTED]> wrote:
> hi all...i just have one simple question. can altq work with ng_bridge if i
> were to use both of it to bridge and shape traffic? currently i'm using
> "options BRIDGE" in my kernel configuration and altq works flawlessly. i
> haven't got the chance to play around
>Even if the policy is specified as "required", it looks (at least, to
>me) that SA (destination address, Security Protocol(AH/ESP), and SPI)
>is properly established. I don't see anything that can prevent it from
>working if the policy is specified as 'require'.
>
>Will anybody here help me unde
