Subject: Re: FreeS/WAN <-> KAME
To: Jan Schaumann <>
From: Thor Lancelot Simon <>
List: netbsd-users
Date: 09/11/2002 15:18:45
On Wed, Sep 11, 2002 at 03:19:18PM -0400, Jan Schaumann wrote:
> "Noah L. Meyerhans" <> wrote:
> > On Mon, Sep 09, 2002 at 06:13:10PM -0400, Jan Schaumann wrote:
> > > I've been trying to follow these examples, but when I start ipsec on the
> > > Linux-site, it seems to try to use IPsec for all communication (I only
> > > want it to talk to the NetBSD machine at a certain port using IPsec).
> > > At the same time, on the NetBSD side, connections to the specified port
> > > on the Linux machine time out; racoon complains:
> > 
> > I don't think FreeS/WAN allows port-specific security assiciations.
> Rats.  So if I want traffic to some port encrypted, I will need to
> encrypt _every_thing?  Isn't that, uhm, suboptimal?  Suppose I want to

Yes.  FreeS/WAN doesn't really have a policy engine at all; the inability
to control what gets encrypted and what doesn't is just one frustrating
consequence of that.