Date:      Mon, 17 Nov 2003 17:41:30 +0100 (MET)
From:      Helge Oldach <helge.oldach@atosorigin.com>
To:        jamie@tridentmicrosystems.co.uk
Cc:        freebsd-net@freebsd.org
Subject:   Re: Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks
Message-ID:  <200311171641.RAA29240@galaxy.hbg.de.ao-srv.com>
In-Reply-To: <002101c3ad22$0b51cf30$115dcfc2@nico> from Jamie Heckford at "Nov 17, 2003  4:47: 2 pm"

Jamie Heckford:
>/usr/sbin/setkey -c << EOF
>flush;
>spdflush;
>spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in  ipsec
>esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in  ipsec
>esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
>esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
>esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>EOF

Try using "unique" instead of "require".

Helge
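
Added example, not part of the original message or of either poster's configuration: a shell script that regenerates the quoted policy set with the level the reply suggests. setkey(8) documents `unique` as the same as `require`, with the addition that the policy is matched to its own outbound SA. The addresses are constructed placeholders, and `tunnel_pair` and `gen_spd` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample values (documentation/private ranges), not from the thread.
LOCAL_NETWORK=10.1.0.0/16
ALLNET_1=10.2.0.0/16
LOCAL_OUTSIDE=192.0.2.1
STJUST_NETWORK=10.10.0.0/16
STJUST_OUTSIDE=198.51.100.1
BENELUX_NETWORK=10.20.0.0/16
BENELUX_OUTSIDE=203.0.113.1

# tunnel_pair LOCAL_NET REMOTE_NET REMOTE_GW LEVEL
# Emits the outbound and inbound policy for one local/remote network pair.
tunnel_pair() {
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/%s;\n' \
        "$1" "$2" "$LOCAL_OUTSIDE" "$3" "$4"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/%s;\n' \
        "$2" "$1" "$3" "$LOCAL_OUTSIDE" "$4"
}

# gen_spd LEVEL
# Emits the whole policy set (same pairs and order as the quoted script)
# at the given level; anything other than require/unique is rejected.
gen_spd() {
    level=${1:-unique}
    case $level in
        require|unique) ;;
        *) echo "gen_spd: unsupported level: $level" >&2; return 1 ;;
    esac
    echo 'flush;'
    echo 'spdflush;'
    tunnel_pair "$LOCAL_NETWORK" "$STJUST_NETWORK"  "$STJUST_OUTSIDE"  "$level"
    tunnel_pair "$ALLNET_1"      "$STJUST_NETWORK"  "$STJUST_OUTSIDE"  "$level"
    tunnel_pair "$LOCAL_NETWORK" "$BENELUX_NETWORK" "$BENELUX_OUTSIDE" "$level"
    tunnel_pair "$ALLNET_1"      "$BENELUX_NETWORK" "$BENELUX_OUTSIDE" "$level"
}

# Print the policies for review. To load them (as root):
#   gen_spd unique | /usr/sbin/setkey -c
gen_spd unique
```

After loading, `setkey -DP` lists the installed policies, so the level on each of the eight entries can be checked.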


