Subject: setkey and 0.0.0.0/0
To: None <email@example.com>
From: Martti Kuparinen <firstname.lastname@example.org>
Date: 12/21/2004 20:28:30

I'm debating with someone about setkey's spdadd syntax. Here's an example:

    spdadd 10.0.0.0/24 0.0.0.0/0 any -P out ipsec

Which one is true:
1) 0.0.0.0/0 is "any of my local addresses"
2) 0.0.0.0/0 is "any address, local or foreign"

I'd say #2 so I read the above rule as "outgoing traffic from anyone
in the 10.0.0.0/24 network to any destination must be tunneled and outer
header's src=10.0.0.10 and dst=10.0.0.1".
I also read it that 10.0.0.10 is my address and 10.0.0.1 is the security
Am I right or wrong?
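
The following is an added example, not part of the original message and not code from setkey or the kernel. It treats the spdadd source and destination ranges as plain address/prefixlen matches (the form setkey(8) documents for them) and checks constructed packets against the selector quoted above; `parse_spdadd`, `matches` and the sample addresses are hypothetical names and values chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

class Selector(NamedTuple):
    src: object      # ipaddress network for the source range
    dst: object      # ipaddress network for the destination range
    upper: str       # upper-layer protocol; "any" matches every protocol
    direction: str   # "in" or "out"
    policy: str      # e.g. "ipsec", "none", "discard"

def parse_spdadd(line: str) -> Selector:
    """Parse only the selector part of an spdadd line (no [port] suffixes)."""
    tok = line.rstrip(";").split()
    if len(tok) < 7 or tok[0] != "spdadd" or tok[4] != "-P":
        raise ValueError("not an spdadd line: %r" % line)
    return Selector(ipaddress.ip_network(tok[1]), ipaddress.ip_network(tok[2]),
                    tok[3], tok[5], tok[6])

def matches(sel: Selector, src: str, dst: str, proto: str, direction: str) -> bool:
    """Simplified model: prefix match on both addresses, plus protocol and direction."""
    return (direction == sel.direction
            and ipaddress.ip_address(src) in sel.src
            and ipaddress.ip_address(dst) in sel.dst
            and sel.upper in ("any", proto))

# The selector from the message above.
RULE = parse_spdadd("spdadd 10.0.0.0/24 0.0.0.0/0 any -P out ipsec")

# Constructed sample packets: (src, dst, proto, direction).
SAMPLES = [
    ("10.0.0.10", "192.0.2.7", "tcp", "out"),   # foreign destination
    ("10.0.0.10", "10.0.0.1", "icmp", "out"),   # destination on the same subnet
    ("10.0.1.5", "192.0.2.7", "tcp", "out"),    # source outside 10.0.0.0/24
    ("10.0.0.10", "192.0.2.7", "tcp", "in"),    # wrong direction
]

def evaluate():
    """Return the match result for each constructed sample, in order."""
    return [matches(RULE, *pkt) for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt, hit in zip(SAMPLES, evaluate()):
        print(pkt, "->", "matches" if hit else "no match")
```

A prefix length of 0 compares no address bits, so under this model the destination test passes for every IPv4 address and only the source range, protocol and direction narrow the rule.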