From: "Muenz, Michael"
Subject: Mixing if_ipsec in 11.1 with old policy based IPSEC
To: freebsd-net@FreeBSD.org
Date: Thu, 8 Mar 2018 05:30:11 +0100
Message-ID: <650da163-b5d5-aed0-167b-109115210b46@spam-fetish.org>

Hi list,

I'm trying to get some docs and examples about the new if_ipsec code.
From what I have read so far, it seems to be a bit tricky* running legacy
policy based IPSEC in combination with route based IPSEC with
Strongswan.

Is it possible to mix them for bigger sites running e.g. one Azure VPN
and multiple legacy VPNs to customers?

Thanks!

Michael

[*] https://genneko.github.io/playing-with-bsd/networking/freebsd-vti-ipsec