From: Stephen Clark
Date: Mon, 28 Mar 2011 10:38:05 -0400
To: VANHULLEBUS Yvan
Cc: FreeBSD Stable
Subject: Re: SPD
Message-ID: <4D909D4D.2020201@earthlink.net>
In-Reply-To: <20110326160034.GA62127@zeninc.net>
List-Id: Production branch of FreeBSD source code

On 03/26/2011 12:00 PM, VANHULLEBUS Yvan wrote:
> On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
>
>> Hi,
>>
> Hi.
>
>> If one has multiple entries in the SPD, some representing more specific
>> network addresses not to be encrypted and sent over an
>> ipsec tunnel vs more general networks that would be encrypted, would this
>> work?
>>
>> In other words, say I have a x.x.0.0/16 that should be encrypted, but in that
>> x.x.0.0/16 I don't want x.x.84.0/23
>> to be encrypted. Could I do that? If so, is it dependent on the order the SPD
>> entries are made?
>>
> Yes, SPD entries are ordered.
>
> Just set up first specific SPD entries for traffic which must not be
> encrypted, then the tunnel/transport entries for networks.
>
>
> Yvan.

Hi Yvan,

Thanks for the info. I for one certainly appreciate all you and Timo do
for ipsec-tools.

Regards,
Steve

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)