Subject: setkey and 0.0.0.0/0
To: None <current-users@netbsd.org>
From: Martti Kuparinen <martti.kuparinen@iki.fi>
List: current-users
Date: 12/21/2004 20:28:30
Hi!
I'm debating with someone about setkey's spdadd syntax. Here's an example:
spdadd 10.0.0.0/24 0.0.0.0/0 any -P out ipsec
esp/tunnel/10.0.0.10-10.0.0.1/require;
Which one is true:
1) 0.0.0.0/0 is "any of my local addresses"
2) 0.0.0.0/0 is "any address, local or foreign"
I'd say #2 so I read the above rule as "outgoing traffic from anyone
in the 10.0.0.0/24 network to any destination must be tunneled and outer
header's src=10.0.0.10 and dst=10.0.0.1".
I also read it that 10.0.0.10 is my address and 10.0.0.1 is the security
gateway's address.
Am I right or wrong?
Martti
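To make the two readings concrete, here is an added example that is not part of the original post and is not NetBSD's kernel code: a toy SPD (security policy database) matcher in Python. It parses the exact spdadd line quoted above, then looks up sample packets the way the kernel does for outbound traffic: the src_range/dst_range selectors are compared against the packet's own (inner) addresses, and the esp/tunnel/A-B part only supplies the outer header endpoints. Under setkey(8) semantics 0.0.0.0/0 is a prefix that covers every IPv4 address, so the match succeeds for both a foreign destination and another local one. The packet addresses (192.0.2.1, 172.16.0.1) are constructed for the demonstration, and first-match lookup is a simplification of the kernel's ordering.

```python
"""Toy SPD matcher for setkey(8) spdadd lines (constructed example, not NetBSD code).

Handles only the subset of spdadd syntax used in the question:
  spdadd <src_range> <dst_range> <upperspec> -P <in|out> <ipsec|discard|none>
         [<esp|ah>/<tunnel|transport>/[<src>-<dst>]/<level>] ;
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Policy:
    src: ipaddress.IPv4Network        # selector: inner/packet source prefix
    dst: ipaddress.IPv4Network        # selector: inner/packet destination prefix
    upper: str                        # "any" or an upper-layer protocol name
    direction: str                    # "in" or "out"
    action: str                       # "ipsec", "discard" or "none"
    proto: Optional[str]              # "esp" or "ah"
    mode: Optional[str]               # "tunnel" or "transport"
    outer_src: Optional[str]          # tunnel outer header source (our end)
    outer_dst: Optional[str]          # tunnel outer header destination (peer)
    level: Optional[str]              # "require", "use" or "default"


_SPDADD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+(ipsec|discard|none)"
    r"(?:\s+(esp|ah)/(tunnel|transport)/(?:([^\s/-]+)-([^\s/-]+))?/(\w+))?\s*;"
)


def parse_spdadd(text: str) -> Policy:
    """Parse one spdadd statement; newlines inside the statement are allowed."""
    m = _SPDADD_RE.search(" ".join(text.split()))
    if not m:
        raise ValueError("unsupported spdadd syntax: " + text)
    src, dst, upper, direction, action, proto, mode, osrc, odst, level = m.groups()
    return Policy(
        ipaddress.ip_network(src, strict=False),   # 0.0.0.0/0 -> the whole IPv4 space
        ipaddress.ip_network(dst, strict=False),
        upper, direction, action, proto, mode, osrc, odst, level,
    )


def lookup(spd: List[Policy], direction: str, src: str, dst: str,
           proto: str = "any") -> Optional[Policy]:
    """Return the first policy whose selectors cover the packet, or None.

    The selectors are matched against the packet's own addresses; nothing here
    distinguishes "local" from "foreign" addresses, because spdadd does not.
    (Simplification: the kernel orders policies by specificity, we use list order.)
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in spd:
        if p.direction != direction:
            continue
        if s not in p.src or d not in p.dst:
            continue
        if p.upper != "any" and p.upper != proto:
            continue
        return p
    return None


def describe(p: Optional[Policy]) -> str:
    """Human-readable outcome for a lookup result."""
    if p is None:
        return "no policy: sent in the clear"
    if p.action == "ipsec" and p.mode == "tunnel":
        return "%s tunnel, outer src=%s dst=%s (%s)" % (p.proto, p.outer_src,
                                                       p.outer_dst, p.level)
    return p.action


# The rule from the question, verbatim (including the line break).
RULE = """spdadd 10.0.0.0/24 0.0.0.0/0 any -P out ipsec
esp/tunnel/10.0.0.10-10.0.0.1/require;"""

SPD = [parse_spdadd(RULE)]

if __name__ == "__main__":
    # Constructed sample packets: (direction, src, dst).
    for direction, src, dst in [
        ("out", "10.0.0.5", "192.0.2.1"),    # local net -> foreign host
        ("out", "10.0.0.5", "10.0.0.7"),     # local net -> another local host
        ("out", "172.16.0.1", "192.0.2.1"),  # not in 10.0.0.0/24
        ("in", "192.0.2.1", "10.0.0.5"),     # wrong direction for this policy
    ]:
        print("%-3s %-11s -> %-11s : %s" % (direction, src, dst,
                                            describe(lookup(SPD, direction, src, dst))))
```

Running it shows the first two packets selected for the ESP tunnel with outer src 10.0.0.10 and dst 10.0.0.1, while the packet from 172.16.0.1 and the inbound packet fall through to "no policy". A real deployment also needs the matching -P in policy and the SAs (setkey add lines) for the tunnel endpoints; those are omitted here because the question is only about the selector semantics.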