Thread: [Ipsec-tools-devel] phase 2 networks specification
From: Giulio F. <au...@zi...> - 2007-11-27 08:54:43
I'd like to know how I can set the vpn local and remote networks for phase 2 agreements between me and the peer. I guess it's in the sainfo section (that's where settings for phase 2 are).

Thanks.
From: Matthew G. <mg...@sh...> - 2007-11-27 09:10:57
Giulio Ferro wrote:
> I'd like to know how I can set the vpn local and remote networks
> for phase 2 agreements between me and the peer. I guess it's in the
> sainfo section (that's where settings for phase 2 are).
>
> Thanks.
>

The phase2 network IDs are read from the security policy database. For more information regarding security policy management, please see the setkey man page. When traffic matches a security policy, an acquire message is sent to racoon. Racoon then initiates a quick mode exchange with the remote peer using the network IDs defined in the policy. The sainfo section only defines the proposal and transform information that are negotiated during quick mode.

-Matthew
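
The split described in the reply above, as an added example that is not part of the original thread: the `spdadd` selectors in the setkey file are what racoon offers as phase 2 network IDs, while `sainfo` carries only the quick mode proposal. All addresses are constructed documentation ranges (local net 192.168.1.0/24 behind gateway 203.0.113.1, remote net 10.0.0.0/24 behind gateway 198.51.100.1), and the file paths and algorithm choices are assumptions.

```conf
# ---- /etc/setkey.conf (assumed path; load with: setkey -f /etc/setkey.conf) ----
# Start from an empty SAD and SPD so stale selectors cannot match.
flush;
spdflush;

# Outbound: local net -> remote net, any upper-layer protocol.
# The source and destination ranges here become the phase 2 IDs
# that racoon sends when this policy triggers an acquire.
spdadd 192.168.1.0/24 10.0.0.0/24 any -P out ipsec
    esp/tunnel/203.0.113.1-198.51.100.1/require;

# Inbound: the mirror image. "require" means traffic matching the
# selectors without a usable SA is dropped, not passed in clear.
spdadd 10.0.0.0/24 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-203.0.113.1/require;

# ---- /etc/racoon/racoon.conf (assumed path; phase 2 section only) ----
# No networks are set here. This block only lists what may be
# negotiated in quick mode for the policies loaded above.
sainfo anonymous {
    pfs_group modp2048;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

The peer's policy has to describe the same two networks with the directions reversed. `setkey -DP` prints the loaded policies, which is the place to check the selectors when quick mode fails on the IDs.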