from: Erno Kuusela <firstname.lastname@example.org>
the setkey manual page says:
add [-46n] src dst protocol spi [extensions]
algorithm ... ;
Add an SAD entry. add can fail with
multiple reasons, including
when the key length does not match the
take some of the following:
-m mode Specify a security protocol
mode for use. mode is
one of following: transport,
tunnel or any. The
default value is any.
however, by default the security associations end up with
mode=transport according to setkey -D. they also end up
with mode=transport if i specify "-m any". so i have
to specify "-m tunnel" to get tunnel mode to work.
Log in to post a comment.