From: Stephen Clark
Reply-To: sclark46@earthlink.net
Date: Fri, 25 Mar 2011 12:28:53 -0400
To: FreeBSD Stable
Subject: SPD
Message-ID: <4D8CC2C5.7020508@earthlink.net>

Hi,

If one has multiple entries in the SPD, some representing more specific network addresses not to be encrypted and sent over an IPsec tunnel vs. more general networks that would be encrypted, would this work?

In other words, say I have an x.x.0.0/16 that should be encrypted, but in that x.x.0.0/16 I don't want x.x.84.0/23 to be encrypted; could I do that? If so, is it dependent on the order the SPD entries are made?

Thanks,
Steve