From owner-freebsd-security  Tue Feb 19  3: 7:26 2002
Delivered-To: freebsd-security@freebsd.org
Received: from fe040.worldonline.dk (fe040.worldonline.dk [212.54.64.205])
	by hub.freebsd.org (Postfix) with SMTP id 1CC7237B400
	for <security@freebsd.org>; Tue, 19 Feb 2002 03:07:19 -0800 (PST)
Received: (qmail 32481 invoked by uid 0); 19 Feb 2002 11:07:17 -0000
Received: from 213.237.14.128.adsl.ho.worldonline.dk (HELO dpws) (213.237.14.128)
  by fe040.worldonline.dk with SMTP; 19 Feb 2002 11:07:17 -0000
Message-ID: <006c01c1b936$228f6540$0301a8c0@dpws>
From: "Dennis Pedersen" <mlists@daydreamer.dk>
To: <security@freebsd.org>, "James F. Hranicky" <jfh@cise.ufl.edu>
References: <20020218024408.CF51069B1@mail.cise.ufl.edu>
Subject: Re: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?) ...)
Date: Tue, 19 Feb 2002 12:11:09 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


----- Original Message -----
From: "James F. Hranicky" <jfh@cise.ufl.edu>
To: <security@freebsd.org>
Sent: Monday, February 18, 2002 3:44 AM
Subject: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?)
...)


>
> Well, after cooling down from my rant, it seems I've been able to
> get dynamic IP IPSEC support working with racoon and x509 certs.
> Currently, I run setkey on the clients like so:
>
>    spdadd client.X.X.X server.X.X.X any  -P out ipsec
>     esp/transport/client.X.X.X-server.X.X.X/use;
>    spdadd server.X.X.X client.X.X.X any  -P in ipsec
>     esp/transport/server.X.X.X-client.X.X.X/use;

This is probaly a bit O.T but i can't seem to find my answer else where so
here goes.
What is the last options for in the setkey policy? (use or require for
example) the dokumentation dos'nt mention much about it.
Is it for multible tunnels or?


Regards
Dennis



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message