Subject: Re: Fixed arp entry for WaveLan?
To: None <>
From: Wolfgang Rupprecht <>
List: current-users
Date: 02/21/2000 19:04:55
Itojun, thanks for the tips.  I'll try them and send you the raccoon
diagnostics privately if things still go badly.

> 	there should be no difference between "isakmp on wireless"
> 	and "isakmp on ethernet"...

The difference I see is that the ipsec / setkey examples all talk
about a system like this:

       HostA --- GatwayA ---- GatewayB --- HostB

The host-ip is not equal to the gatway-ip.  In the wireless case the
system is as such:

       HostA -- HostB

The ip's in the first line of the spdadd and in the following lines
are the same.  Its not even clear to me why the code shouldn't apply
the rule recursively until the maximum rule nesting is achieved.  Am I
misunderstanding the matching rules?

spdadd any -P out ipsec

Lets say this rule is applied to a packet.  The output packet still
has the source address and it still has the destination
address  Wouldn't the rule have to be applied again to
the already 1x ah+esp packet?

Wolfgang Rupprecht    <>
DGPS signals via the Internet