From: VANHULLEBUS Y. <va...@fr...> - 2010-05-18 16:23:55
On Tue, May 18, 2010 at 04:35:04PM +0400, c0re wrote:
> Hello everyone!

Hi.

> I've tried to make a configuration of setkey and racoon to encrypt all
> traffic.
>
> many networks <------> |server| <----> L2channel <-----> |server| <-------> many networks
>
> So I want to encrypt all traffic that is passing between those 2 servers except
> that traffic that originates to servers or originates from servers.
>
> How can I do it? What configuration will allow me to do it? Some examples?

Just set up some "none" entries in your SPD, to say that traffic between
servers themselves must NOT be encrypted, then set up a single SPD rule like
0.0.0.0/0 <-> 0.0.0.0/0 -> IPsec.

The main issue with that specific configuration is that packets from one
side to the same side must NOT be seen by gate, otherwise gate will send
them to its IPsec peer....

Yvan.
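As an added illustration (not part of the original thread), here is what the SPD described above looks like as a setkey configuration file for one of the two gateways. The addresses are constructed: 192.0.2.1 stands for the local gateway and 198.51.100.1 for the peer across the L2 channel; the other gateway uses the same file with the two addresses swapped.

```conf
# setkey.conf for the local gateway (192.0.2.1), loaded with: setkey -f setkey.conf
# Constructed example addresses: 192.0.2.1 = this gateway, 198.51.100.1 = peer gateway.

spdflush;

# 1. Gateway-to-gateway traffic stays in the clear ("none" policies).
#    This also covers racoon's own ISAKMP exchanges (UDP 500/4500) between the
#    two servers, which must not themselves be subject to the IPsec policy.
spdadd 192.0.2.1/32 198.51.100.1/32 any -P out none;
spdadd 198.51.100.1/32 192.0.2.1/32 any -P in  none;

# 2. Everything else seen by this gateway is tunnelled to the peer (ESP, tunnel mode,
#    "require" so that nothing leaks in the clear if no SA is up yet).
spdadd 0.0.0.0/0 0.0.0.0/0 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 0.0.0.0/0 0.0.0.0/0 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;

# Notes:
# - The "none" entries are listed first so that they take precedence over the
#   catch-all; if your kernel selects policies by priority rather than insertion
#   order, give them an explicitly higher priority.
# - Because rule 2 matches every forwarded packet, traffic between two networks on
#   the SAME side of the channel must never be routed through this gateway (see the
#   caveat in the reply above), or it will be encrypted and sent to the peer.
# - Traffic the gateway itself originates to hosts other than the peer also matches
#   rule 2; add further "none" entries for such flows if they must stay in the clear.
```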