Subject: setkey and
To: None <>
From: Martti Kuparinen <>
List: current-users
Date: 12/21/2004 20:28:30

I'm debating with someone about setkey's spdadd syntax. Here's an example:

spdadd any -P out ipsec

Which one is true:

1) is "any of my local addresses"
2) is "any address, local or foreign"

I'd say #2 so I read the above rule as "outgoing traffic from anyone
in the network to any destination must be tunneled and outer 
header's src= and dst=".

I also read it that is my address and is the security
gateway's address.

Am I right or wrong?