Subject: Re: how do I do this with our ipsec...
To: Bill Studenmund <wrstuden@netbsd.org>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-security
Date: 06/22/2002 20:33:19

Bill Studenmund <wrstuden@netbsd.org> writes:
> On 22 Jun 2002, Perry E. Metzger wrote:
> > So I want to do something that isn't that weird if you think about it,
> > but which isn't that obvious to do. I have a wireless host, and I'd
> > like to shove all cleartext traffic into an IPSEC tunnel to the NetBSD
> > based gateway to the wired network, but not bother to double-encrypt
> > stuff that is already in IPSec.
> >
> > I can't figure out for the life of me if it is possible to set this
> > up, or how I'd try to do it. Yes, I've read our manual pages. They
> > aren't very informative. Could someone with clue perhaps drop me a
> > note?
> 
> Can we set IPsec policy based on IP protocol number? If so, could you set
> a clear-text policy for ESP & AH, and then have a default policy to catch
> everything else going through the gateway?

I'd hope you could, but again, I can't figure out HOW.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/