From owner-freebsd-security Tue Mar 5 2: 4:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 6D67937B402 for ; Tue, 5 Mar 2002 02:04:47 -0800 (PST) Received: from localhost (kame197.kame.net [203.178.141.197]) by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g25A9LQ96002; Tue, 5 Mar 2002 19:09:21 +0900 (JST) (envelope-from sakane@kame.net) To: mlists@daydreamer.dk Cc: freebsd-security@FreeBSD.ORG Subject: Re: Racoon/sainfo - 'no policy found' In-Reply-To: Your message of "Tue, 5 Mar 2002 10:43:10 +0100" <002401c1c42a$29b4cd70$0301a8c0@dpws> References: <002401c1c42a$29b4cd70$0301a8c0@dpws> X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20020305190525E.sakane@kame.net> Date: Tue, 05 Mar 2002 19:05:25 +0900 From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 17 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > the message means the SPD entry to be used this negotiation has > > different ipsec tunnel end points, such like > > spdadd X Y any -P out ipsec > > esp/tunnel/A-B/use > > esp/tunnel/A-C/use; > Uhm, i've read and kind of docs about the last parameter on the spdadd > (use/unique/etc/) but is it explained anywhere when i use what and why? > If i wanna set up a box as a concentrator what parm do i use then? although i haven't understood what you mean, the kernel can understand the SP entry which is defined different ipsec tunnel end points. when you configure propoer SAs by using setkey(8) against such SP entry, you will get a nested IPsec tunnel. but racoon just doesn't support it as i said. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message