From: Jun-ichiro itojun Hagino
To: "Cambria, Mike"
To: snap-users@kame.net
Cc: "'freebsd-net@freebsd.org'"
Subject: Re: (KAME-snap 5064) Can I define a SPD per interface?
Date: Tue, 03 Jul 2001 08:12:00 +0900
In-reply-to: mcambria's message of Mon, 02 Jul 2001 17:10:47 -0400. <3A6D367EA1EFD4118C9B00A0C9DD99D7064F5E@rerun.lucentctc.com>
Message-Id: <20010702231200.F0BF37BC@starfruit.itojun.org>

>I can only find a way to define a global SPD using setkey. Is it possible
>to define an (IPv4) SPD on a per interface basis using KAME / FreeBSD4?
>If not, are there any plans to add this in the future?
>Is there any reason one wouldn't want to have this?

no. do you want SPD per interface, or IPsec SPI per interface?
anyway, IPsec architecture is not interface-oriented (it lives on top
of IP, and the information on interface is already gone) so your
suggestion does not fit nicely to the current architecture...

why do you want that? like you want to setup a tricky VPN gateway?

itojun