From: Zaphod Beeblebrox
To: freebsd-hackers@freebsd.org
Date: Tue, 19 Jul 2011 14:25:39 -0400
Subject: setkey and -ctx

I have a Cisco ASA which expects a different tunnel for each IP that I'm
sending traffic to (i.e., it expects a different tunnel per firewall rule
over there). It looks like I should have each SA in a different domain on
my side to do this --- so it looks like I should be using the "-ctx" flag
to setkey (or in /etc/ipsec.conf). But setkey appears to reject this...

Is this unimplemented?
Am I missing something?