Subject: Re: how do I do this with our ipsec...
To: Perry E. Metzger <>
From: Jason R Thorpe <>
List: tech-security
Date: 06/22/2002 17:48:16
On Sat, Jun 22, 2002 at 08:33:19PM -0400, Perry E. Metzger wrote:

 > I'd hope you could, but again, I can't figure out HOW.

Using "spdadd" to add the policy in /etc/ipsec.conf (which is used
by setkey(8)).

The "upperspec" described in the setkey(8) manual pages is the protocol
name (any protocol name in /etc/protocols), so:

spdadd esp -P out none
spdadd esp -P in none

...I think will tell the SPD "nothing required for any inbound or
outbound traffic already running in ESP".

        -- Jason R. Thorpe <>