Subject: Re: FreeS/WAN <-> KAME
To: Jan Schaumann <jschauma@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: netbsd-users
Date: 09/11/2002 15:18:45

On Wed, Sep 11, 2002 at 03:19:18PM -0400, Jan Schaumann wrote:
> "Noah L. Meyerhans" <frodo@morgul.net> wrote:
> > On Mon, Sep 09, 2002 at 06:13:10PM -0400, Jan Schaumann wrote:
> > > I've been trying to follow these examples, but when I start ipsec on the
> > > Linux-site, it seems to try to use IPsec for all communication (I only
> > > want it to talk to the NetBSD machine at a certain port using IPsec).
> > > At the same time, on the NetBSD side, connections to the specified port
> > > on the Linux machine time out; racoon complains:
> > 
> > I don't think FreeS/WAN allows port-specific security associations.
> 
> Rats.  So if I want traffic to some port encrypted, I will need to
> encrypt _every_thing?  Isn't that, uhm, suboptimal?  Suppose I want to

Yes.  FreeS/WAN doesn't really have a policy engine at all; the inability
to control what gets encrypted and what doesn't is just one frustrating
consequence of that.

Thor