SPD

Stephen Clark sclark46 at earthlink.net
Mon Mar 28 14:38:07 UTC 2011


On 03/26/2011 12:00 PM, VANHULLEBUS Yvan wrote:
> On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
>    
>> Hi,
>>      
> Hi.
>
>
>    
>> If one has multiple entries in the SPD, some representing more specific
>> network addresses not to be encrypted and sent over an
>> ipsec tunnel vs. more general networks that would be encrypted, would this
>> work?
>>
>> In other words, say I have a x.x.0.0/16 that should be encrypted, but in that
>> x.x.0.0/16 I don't want x.x.84.0/23
>> to be encrypted. Could I do that? If so, is it dependent on the order the SPD
>> entries are made?
>>      
> Yes, SPD entries are ordered.
>
> Just set up first specific SPD entries for traffic which must not be
> encrypted, then the tunnel/transport entries for networks.
>
>
> Yvan.
>
>    
Hi Yvan,

Thanks for the info.
I for one certainly appreciate all you and Timo do for ipsec-tools.


Regards,
Steve

-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)
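
Added example, not part of the original thread or of ipsec-tools: a small Python model of the ordered, first-match SPD lookup described in the reply above, plus a check that flags an entry shadowed by an earlier, broader one. The 10.1.x.x addresses (standing in for x.x.0.0/16 and x.x.84.0/23), the source-only selector and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed SPD: (source selector, action), in the order entries were added.
# 10.1.0.0/16 and 10.1.84.0/23 stand in for the thread's x.x.0.0/16 and
# x.x.84.0/23; "none" = send in clear, "ipsec" = send through the tunnel.
GOOD_ORDER = [("10.1.84.0/23", "none"), ("10.1.0.0/16", "ipsec")]
BAD_ORDER = [("10.1.0.0/16", "ipsec"), ("10.1.84.0/23", "none")]


def lookup(spd, src):
    """Return the action of the first entry whose selector contains src."""
    addr = ipaddress.ip_address(src)
    for selector, action in spd:
        if addr in ipaddress.ip_network(selector):
            return action
    return None  # no policy matched


def shadowed_entries(spd):
    """List entries that can never take effect because an earlier, broader
    (or equal) selector with a different action already covers them."""
    findings = []
    for i, (sel, action) in enumerate(spd):
        net = ipaddress.ip_network(sel)
        for earlier_sel, earlier_action in spd[:i]:
            earlier = ipaddress.ip_network(earlier_sel)
            if (net.version == earlier.version and net.subnet_of(earlier)
                    and action != earlier_action):
                findings.append((sel, action, earlier_sel, earlier_action))
                break
    return findings


if __name__ == "__main__":
    for name, spd in (("specific first", GOOD_ORDER), ("general first", BAD_ORDER)):
        print(name, "->", lookup(spd, "10.1.85.7"), lookup(spd, "10.1.3.9"),
              shadowed_entries(spd))
```

With the general entry first, the /23 exception is reported as shadowed and its traffic resolves to the tunnel policy, which is the ordering mistake the reply warns against.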




