Date:      Tue, 18 Nov 2003 09:55:26 -0000
From:      "Jamie Heckford" <jamie@tridentmicrosystems.co.uk>
To:        "'Helge Oldach'" <helge.oldach@atosorigin.com>
Cc:        freebsd-net@freebsd.org
Subject:   RE: Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks
Message-ID:  <000801c3adba$17a09cb0$115dcfc2@nico>
In-Reply-To: <200311171641.RAA29240@galaxy.hbg.de.ao-srv.com>

Helge Oldach wrote:
> Jamie Heckford:
>> /usr/sbin/setkey -c << EOF
>> flush;
>> spdflush;
>> spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>> spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in  ipsec
>> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
>> spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in  ipsec
>> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>> spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
>> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
>> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
>> spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
>> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
>> EOF
> 
> Try using "unique" instead of "require".
> 
> Helge

Thanks a lot Helge, this worked fine :)

What does unique do instead of require..? 

Cheers,

Jamie
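
Added example, not part of the original message or thread: a small lint for the pattern in the quoted script, where several spdadd policies share one tunnel endpoint pair at level "require", which is what the reply changes to "unique". The names lint_spd and sample_policy and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tunnel endpoint pairs that carry more than one
# "require"-level policy in the same direction. Per setkey(8), "unique" is
# like "require" but additionally ties the policy to its own outbound SA.

# Constructed sample input (documentation/private address ranges).
sample_policy() {
    cat <<'EOF'
flush;
spdflush;
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec
  esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.9.0.0/16 10.2.0.0/24 any -P out ipsec
  esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.1.0.0/24 10.3.0.0/24 any -P out ipsec
  esp/tunnel/192.0.2.1-203.0.113.1/unique;
spdadd 10.9.0.0/16 10.3.0.0/24 any -P out ipsec
  esp/tunnel/192.0.2.1-203.0.113.1/unique;
EOF
}

# Reads setkey statements on stdin; prints one line per finding and
# returns 1 if any were found, 0 otherwise.
lint_spd() {
    sed 's/#.*//' | awk '
    BEGIN { RS = ";" }                  # statements end at ";", may span lines
    $1 != "spdadd" { next }
    {
        dir = ""; ep = ""; lvl = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-P") dir = $(i + 1)
            if ($i ~ /^(esp|ah)\/tunnel\//) {
                split($i, f, "/")       # proto/mode/src-dst/level
                ep = f[3]; lvl = f[4]
            }
        }
        if (lvl == "require") count[dir " " ep]++
    }
    END {
        for (k in count)
            if (count[k] > 1) {
                print "shared-require " k " policies=" count[k]
                bad = 1
            }
        exit bad + 0
    }'
}

sample_policy | lint_spd || true
```

The same function can read a real policy file on stdin before it is loaded with setkey -c.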


