From: Brian A. S. <lav...@sp...> - 2008-09-11 20:41:29
On Wed, 27 Aug 2008, Sean Hughes wrote:
>
> I'm learning about IPsec and while I was reading about the setkey.conf I
> saw the following lines, with each "add" representing a security
[...snip...]
> My question is: Why would you need to provide the source address if the
> associations are based on destination address and SPI? Is this an
> unnecessary requirement or this information (source address) can be used
> elsewhere?

My understanding is that racoon(8) should install all of these ipsec
policies automatically on-demand (for road warriors, etc.). In NetBSD 3.x,
though, I always had to populate ipsec.conf -- and never questioned it ---
because they were static tunnels.

~BAS