sclark46 at earthlink.net
Mon Mar 28 14:38:07 UTC 2011
On 03/26/2011 12:00 PM, VANHULLEBUS Yvan wrote:
> On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
>> If one has multiple entries in the SPD some representing more specific
>> network addresses not to be encrypted and sent over an
>> ipsec tunnel vs more general networks that would be encrypted would this
>> In other words say I have a x.x.0.0/16 that should encrypted but in that
>> x.x.0.0/16 I don't want x.x.84.0/23
>> to be encrypted could I do that? If so is dependent on the order the SPD
>> entries are made?
> Yes, SPD entries are ordered.
> Just set up first specific SPD entries for traffic which must not be
> encrypted, then the tunnel/transport entries for networks.
> freebsd-stable at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
Thanks for the info.
I for one certainly appreciate all you and Timo do for ipsec-tools.
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
More information about the freebsd-stable