Date: Sat, 26 Mar 2011 17:00:35 +0100
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: Re: SPD
Message-ID: <20110326160034.GA62127@zeninc.net>
In-Reply-To: <4D8CC2C5.7020508@earthlink.net>
References: <4D8CC2C5.7020508@earthlink.net>

On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
> Hi,

Hi.

> If one has multiple entries in the SPD, some representing more specific
> network addresses not to be encrypted and sent over an
> ipsec tunnel vs more general networks that would be encrypted, would this
> work?
>
> In other words, say I have a x.x.0.0/16 that should be encrypted, but in that
> x.x.0.0/16 I don't want x.x.84.0/23
> to be encrypted, could I do that? If so, is it dependent on the order the SPD
> entries are made?

Yes, SPD entries are ordered.

Just set up first specific SPD entries for traffic which must not be
encrypted, then the tunnel/transport entries for networks.

Yvan.
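
Added example, not part of the original message: a setkey(8) policy file laid out in the order the reply describes, with the bypass (`none`) entries for the /23 loaded before the tunnel entries for the enclosing /16. All addresses are constructed for illustration; it assumes the /16 is the remote network, 192.168.1.0/24 is the local LAN, and 192.0.2.1 / 198.51.100.1 are the local and remote tunnel endpoints.

```conf
# /etc/ipsec.conf -- load with: setkey -f /etc/ipsec.conf
# Constructed addresses (assumptions, not from the thread):
#   local LAN        192.168.1.0/24
#   remote network   10.1.0.0/16    (the "x.x.0.0/16" to be encrypted)
#   exception        10.1.84.0/23   (the "x.x.84.0/23" to stay in clear)
#   tunnel endpoints 192.0.2.1 (local), 198.51.100.1 (remote)

# Start from an empty SAD and SPD so the order below is the order in effect.
flush;
spdflush;

# 1. Specific entries first: no IPsec processing for the /23.
spdadd 192.168.1.0/24 10.1.84.0/23 any -P out none;
spdadd 10.1.84.0/23 192.168.1.0/24 any -P in none;

# 2. General entries after: the rest of the /16 goes through the ESP tunnel.
spdadd 192.168.1.0/24 10.1.0.0/16 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.1.0.0/16 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-192.0.2.1/require;

# Verify the resulting entry order with: setkey -DP
```

If the two groups were loaded in the opposite order, the /16 entries would come first in the SPD and the /23 traffic would be sent through the tunnel as well.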