IPsec: odd behaviour with policies

Helge Oldach helge.oldach at atosorigin.com
Thu Mar 11 01:29:56 PST 2004


Nick Slager:
>I have a newly created VPN between a 4.8 box and a Cisco VPN 3000
>Concentrator.
>
>/etc/ipsec.conf:
>
>flush;
>spdflush;
>spdadd 192.168.1.1/32 1.2.3.4/32 any -P out ipsec
>esp/tunnel/203.1.1.1-203.2.2.2/require;
>spdadd 1.2.3.4/32 192.168.1.1/32 any -P in ipsec
>esp/tunnel/203.2.2.2-203.1.1.1/require;
>
>spdadd 192.168.1.1/32 1.2.3.5/32 any -P out ipsec
>esp/tunnel/203.1.1.1-203.2.2.2/require;
>spdadd 1.2.3.5/32 192.168.1.1/32 any -P in ipsec
>esp/tunnel/203.2.2.2-203.1.1.1/require;

Try using "unique" instead of "require".

(This is my standard answer on the subject. :-))

Helge
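An added example, not part of the original post and not the poster's code: a small Python check for setkey policy files like the one quoted above. It reports tunnel endpoint pairs used by more than one `require` policy and rewrites those policies to `unique`, which setkey(8) describes as `require` plus binding the policy to its own outbound SA. The function names are hypothetical and the sample is constructed from the quoted policies; it assumes one request per policy.

```python
import re
from collections import defaultdict

# Constructed sample: the policies quoted in the post above.
SAMPLE = """\
flush;
spdflush;
spdadd 192.168.1.1/32 1.2.3.4/32 any -P out ipsec
esp/tunnel/203.1.1.1-203.2.2.2/require;
spdadd 1.2.3.4/32 192.168.1.1/32 any -P in ipsec
esp/tunnel/203.2.2.2-203.1.1.1/require;
spdadd 192.168.1.1/32 1.2.3.5/32 any -P out ipsec
esp/tunnel/203.1.1.1-203.2.2.2/require;
spdadd 1.2.3.5/32 192.168.1.1/32 any -P in ipsec
esp/tunnel/203.2.2.2-203.1.1.1/require;
"""

# One spdadd statement: selectors, direction, then protocol/mode/src-dst/level.
POLICY = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+-P\s+(?P<dir>in|out)"
    r"\s+ipsec\s+(?P<proto>esp|ah|ipcomp)/(?P<mode>tunnel|transport)"
    r"/(?P<ends>[^/\s;]*)/(?P<level>[\w:]+)\s*;"
)

def parse_policies(text):
    """Return one dict per spdadd ... ipsec statement (statements end at ';')."""
    text = re.sub(r"#.*", "", text)  # setkey comments run to end of line
    return [m.groupdict() for m in POLICY.finditer(text)]

def shared_require(policies):
    """Map (dir, proto, mode, endpoints) -> selectors for 2+ 'require' policies."""
    groups = defaultdict(list)
    for p in policies:
        if p["level"] == "require":
            groups[(p["dir"], p["proto"], p["mode"], p["ends"])].append((p["src"], p["dst"]))
    return {k: v for k, v in groups.items() if len(v) > 1}

def to_unique(text):
    """Rewrite the level of every matched policy from 'require' to 'unique'."""
    return POLICY.sub(lambda m: m.group(0)[: m.start("level") - m.start()] + "unique;"
                      if m.group("level") == "require" else m.group(0), text)

if __name__ == "__main__":
    for key, selectors in shared_require(parse_policies(SAMPLE)).items():
        print("shared by", len(selectors), "policies:", key, selectors)
    print(to_unique(SAMPLE))
```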

