tech-kern: Re: IPSEC in GENERIC

Subject: Re: IPSEC in GENERIC
To: Christos Zoulas <christos@zoulas.com>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-kern
Date: 02/22/2006 13:16:25

I think ipsec_havespd might have to be true if any of these are non-1

net.inet.ipsec.def_policy = 1 [IPSEC_POLICY_NONE]

net.inet.ipsec.esp_trans_deflev = 1 [IPSEC_LEVLE_USE]
net.inet.ipsec.esp_net_deflev = 1
net.inet.ipsec.ah_trans_deflev = 1
net.inet.ipsec.ah_net_deflev = 1


-- 
        Greg Troxel <gdt@ir.bbn.com>