RE: Problem with Racoon/IPSec/Setkey - Routing to/from multiple netwo rks

From: Jamie Heckford (jamie_at_tridentmicrosystems.co.uk)
Date: 11/18/03

  • Next message: Bruce M Simpson: "Re: Knowing a route multiply." 
    To: "'Helge Oldach'" <helge.oldach@atosorigin.com>
Date: Tue, 18 Nov 2003 09:55:26 -0000

    Helge Oldach wrote:
    > Jamie Heckford:
    >> /usr/sbin/setkey -c << EOF
    >> flush;
    >> spdflush;
    >> spdadd ${LOCAL_NETWORK} ${STJUST_NETWORK} any -P out ipsec
    >> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
    >> spdadd ${STJUST_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
    >> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
    >> spdadd ${ALLNET_1} ${STJUST_NETWORK} any -P out ipsec
    >> esp/tunnel/${LOCAL_OUTSIDE}-${STJUST_OUTSIDE}/require;
    >> spdadd ${STJUST_NETWORK} ${ALLNET_1} any -P in ipsec
    >> esp/tunnel/${STJUST_OUTSIDE}-${LOCAL_OUTSIDE}/require;
    >> spdadd ${LOCAL_NETWORK} ${BENELUX_NETWORK} any -P out ipsec
    >> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
    >> spdadd ${BENELUX_NETWORK} ${LOCAL_NETWORK} any -P in ipsec
    >> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
    >> spdadd ${ALLNET_1} ${BENELUX_NETWORK} any -P out ipsec
    >> esp/tunnel/${LOCAL_OUTSIDE}-${BENELUX_OUTSIDE}/require;
    >> spdadd ${BENELUX_NETWORK} ${ALLNET_1} any -P in ipsec
    >> esp/tunnel/${BENELUX_OUTSIDE}-${LOCAL_OUTSIDE}/require;
    >> EOF
    >
    > Try using "unique" instead of "require".
    >
    > Helge

    Thanks a lot Helge, this worked fine :)

    What does unique do instead of require..?

    Cheers,

    Jamie

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: Bruce M Simpson: "Re: Knowing a route multiply."