On Wed, 27 Aug 2008, Sean Hughes wrote:
> I'm learning about IPsec and while I was reading about the setkey.conf I
> saw the following lines, with each "add" representing a security
> My question is: Why would you need to provide the source address if the
> association are based on destination address and SPI ? Is this a
> unnecessary requirement or this information (source address) can be used
My understanding is that racoon(8) should install all of these ipsec
policies automatically on-demand (for road warriors, etc.).
In NetBSD 3.x, though, I always had to popualte ipsec.conf -- and never
questioned it --- because they were static tunnels.