Subject: Re: how do I do this with our ipsec...
To: Perry E. Metzger <firstname.lastname@example.org>
From: Jason R Thorpe <email@example.com>
Date: 06/22/2002 17:48:16
On Sat, Jun 22, 2002 at 08:33:19PM -0400, Perry E. Metzger wrote:
> I'd hope you could, but again, I can't figure out HOW.
Using "spdadd" to add the policy in /etc/ipsec.conf (which is used
The "upperspec" described in the setkey(8) manual pages is the protocol
name (any protocol name in /etc/protocols), so:
spdadd 0.0.0.0/0 0.0.0.0/0 esp -P out none
spdadd 0.0.0.0/0 0.0.0.0/0 esp -P in none
...I think will tell the SPD "nothing required for any inbound or
outbound traffic already running in ESP".
-- Jason R. Thorpe <firstname.lastname@example.org>