Surf outside Internet through VPN

VANHULLEBUS Yvan vanhu at FreeBSD.org
Fri Dec 19 07:05:59 PST 2008


On Fri, Dec 19, 2008 at 01:35:02PM +0000, Tom Evans wrote:
> On Fri, 2008-12-19 at 14:03 +0100, VANHULLEBUS Yvan wrote:
> > 
> > Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does
> > NOT mean "any IP", it does REALLY mean "the network with base
> > address 0.0.0.0 and 0 bits of netmask".
> > 
> > 
> > Yvan.
> 
> Could you define an IPv4 IP address that wouldn't be matched by that
> definition? IE - aren't they both the same thing? I might be being
> dense..

When setting up configurations, I often see people who put 0.0.0.0/0
as traffic endpoint on one side, and "something else" on the other
side (either in racoon.conf's sainfo sections or in SPD traffic
endpoints), and who think it will work. It won't.

Of course, once you get such an SPD entry, any packet which matches the
other network (myip as source in my previous example) will match the
SPD.




Yvan.
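
An added illustration of the two behaviours described in this message (not part of the original post, and not racoon or kernel code): a simplified Python model in which negotiated traffic endpoints are compared as literal networks, while SPD lookup matches packets by containment. The function names, the gateway selectors and the documentation-range addresses are constructed for the example.

```python
from ipaddress import ip_address, ip_network

def selector(local, remote):
    """Traffic endpoints of one gateway as (local network, remote network)."""
    return (ip_network(local), ip_network(remote))

def mirrored(sel):
    """The same selector as the peer gateway must declare it (ends swapped)."""
    return (sel[1], sel[0])

def endpoints_agree(initiator_sel, responder_sel):
    """Assumed, simplified negotiation rule: both gateways must declare the
    same pair of networks. 0.0.0.0/0 is compared as the literal network with
    base 0.0.0.0 and prefix length 0, never expanded as a wildcard."""
    return mirrored(initiator_sel) == responder_sel

def spd_matches(sel, src, dst):
    """Packet lookup against an outbound SPD entry: plain containment, so a
    /0 endpoint covers every destination address."""
    return ip_address(src) in sel[0] and ip_address(dst) in sel[1]

# Constructed sample configuration (RFC 5737 documentation addresses).
GW_A = selector("192.0.2.10/32", "0.0.0.0/0")               # myip -> 0.0.0.0/0
GW_B_MISMATCH = selector("198.51.100.0/24", "192.0.2.10/32")  # "something else"
GW_B_MATCH = selector("0.0.0.0/0", "192.0.2.10/32")           # exact mirror

if __name__ == "__main__":
    print("A vs B (something else):", endpoints_agree(GW_A, GW_B_MISMATCH))
    print("A vs B (0.0.0.0/0):     ", endpoints_agree(GW_A, GW_B_MATCH))
    # Once the entry is installed, any packet sourced from myip matches it.
    print("myip -> 203.0.113.7:    ", spd_matches(GW_A, "192.0.2.10", "203.0.113.7"))
    print("other -> 203.0.113.7:   ", spd_matches(GW_A, "192.0.2.99", "203.0.113.7"))
```
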

