Date: Tue, 19 Feb 2002 12:11:09 +0100 From: "Dennis Pedersen" <mlists@daydreamer.dk> To: <security@freebsd.org>, "James F. Hranicky" <jfh@cise.ufl.edu> Subject: Re: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?) ...) Message-ID: <006c01c1b936$228f6540$0301a8c0@dpws> References: <20020218024408.CF51069B1@mail.cise.ufl.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "James F. Hranicky" <jfh@cise.ufl.edu> To: <security@freebsd.org> Sent: Monday, February 18, 2002 3:44 AM Subject: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?) ...) > > Well, after cooling down from my rant, it seems I've been able to > get dynamic IP IPSEC support working with racoon and x509 certs. > Currently, I run setkey on the clients like so: > > spdadd client.X.X.X server.X.X.X any -P out ipsec > esp/transport/client.X.X.X-server.X.X.X/use; > spdadd server.X.X.X client.X.X.X any -P in ipsec > esp/transport/server.X.X.X-client.X.X.X/use; This is probaly a bit O.T but i can't seem to find my answer else where so here goes. What is the last options for in the setkey policy? (use or require for example) the dokumentation dos'nt mention much about it. Is it for multible tunnels or? Regards Dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006c01c1b936$228f6540$0301a8c0>