From: "Jamie Heckford"
To: "'Helge Oldach'"
cc: freebsd-net@freebsd.org
Date: Tue, 18 Nov 2003 09:55:26 -0000
Organization: Trident Microsystems Ltd
Subject: RE: Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks

Helge Oldach wrote:
> Jamie Heckford:
>> /usr/sbin/setkey -c << EOF
>> flush;
>> spdflush;
>> spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>> spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>> spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in ipsec
>> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>> spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>> spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
>> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> EOF
>
> Try using "unique" instead of "require".
>
> Helge

Thanks a lot Helge, this worked fine :)

What does unique do instead of require..?

Cheers,

Jamie