Date: Mon, 28 Mar 2011 10:38:05 -0400
From: Stephen Clark <sclark46@earthlink.net>
To: VANHULLEBUS Yvan <vanhu@freebsd.org>
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: Re: SPD
Message-ID: <4D909D4D.2020201@earthlink.net>
In-Reply-To: <20110326160034.GA62127@zeninc.net>
References: <4D8CC2C5.7020508@earthlink.net> <20110326160034.GA62127@zeninc.net>

On 03/26/2011 12:00 PM, VANHULLEBUS Yvan wrote:
> On Fri, Mar 25, 2011 at 12:28:53PM -0400, Stephen Clark wrote:
>> Hi,
>
> Hi.
>
>> If one has multiple entries in the SPD, some representing more specific
>> network addresses not to be encrypted and sent over an
>> ipsec tunnel vs more general networks that would be encrypted, would this
>> work?
>>
>> In other words, say I have a x.x.0.0/16 that should be encrypted but in that
>> x.x.0.0/16 I don't want x.x.84.0/23
>> to be encrypted, could I do that? If so, is it dependent on the order the SPD
>> entries are made?
>
> Yes, SPD entries are ordered.
>
> Just set up first specific SPD entries for traffic which must not be
> encrypted, then the tunnel/transport entries for networks.
>
>
> Yvan.
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"

Hi Yvan,

Thanks for the info. I for one certainly appreciate all you and Timo do for
ipsec-tools.

Regards,
Steve

--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)