tech-net: Re: ipsec_set_policy(3) syntax for multiple tunnel endpoints

Subject: Re: ipsec_set_policy(3) syntax for multiple tunnel endpoints
To: None <M.Drochner@fz-juelich.de>
From: None <itojun@iijlab.net>
List: tech-net
Date: 06/18/2002 11:57:40

>Obviously, this doesn't scale well. It would be nice
>just to need two lines like:
>spdadd 0.0.0.0/0 DLNET any -P out ipsec esp/tunnel/R-(=PEER)/require;
>where (=PEER) would evaluate to the actual connection partner from
>DLNET at runtime.

	we don't dynamically generate policy in the kernel.  if you are using
	racoon for IKE, "generate_policy" directive may suit you needs.

itojun