From owner-freebsd-security Thu Oct 14 2:26:16 1999 Delivered-To: freebsd-security@freebsd.org Received: from enst.enst.fr (enst.enst.fr [137.194.2.16]) by hub.freebsd.org (Postfix) with ESMTP id DC5A614BFC for ; Thu, 14 Oct 1999 02:26:13 -0700 (PDT) (envelope-from beyssac@enst.fr) Received: from bofh.enst.fr (bofh-2.enst.fr [137.194.2.37]) by enst.enst.fr (8.9.1a/8.9.1) with ESMTP id LAA07585; Thu, 14 Oct 1999 11:25:57 +0200 (MET DST) Received: by bofh.enst.fr (Postfix, from userid 12426) id 658BAD226; Thu, 14 Oct 1999 11:25:57 +0200 (CEST) Message-ID: <19991014112557.B37800@enst.fr> Date: Thu, 14 Oct 1999 11:25:57 +0200 From: Pierre Beyssac To: Patrick Bihan-Faou , Philip Hallstrom , freebsd-security@FreeBSD.ORG Subject: Re: pipsecd example? References: <029001bf15dc$33f44c60$190aa8c0@local.mindstep.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <029001bf15dc$33f44c60$190aa8c0@local.mindstep.com>; from Patrick Bihan-Faou on Wed, Oct 13, 1999 at 08:36:49PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Oct 13, 1999 at 08:36:49PM -0400, Patrick Bihan-Faou wrote: > Your imagination... As long as one end's remote key(s) is the other end's > local key(s). There is a mistake in the sample configuration file. I will > correct it sometime... You're quite right, I realized that a few weeks ago: diff -r1.2 -r1.3 42c42 < sa ipesp spi=1001 enc=blowfish_cbc ekey=d00db00fd00d00d00db00fd00dc00e dest=5.6.7.8 --- > sa ipesp spi=1001 enc=blowfish_cbc ekey=d00db00fd00d00d00db00fd00dc00e Sorry about the confusion. I really have to write that manpage... > ethernet wire), it has a software one (pipsecd). BTW, this also means that > it needs an IP address on the network you chose as the "tunnel" network. Right. It's a good idea to use a RFC 1918 network number if you don't want to change your subnetting or your addressing plan. -- Pierre Beyssac pb@enst.fr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message