Re: IPSEC FIRST LIGHT! (by non-kernel developer :-))

kuznet@ms2.inr.ac.ru
Thu, 7 Nov 2002 22:05:43 +0300 (MSK)


Hello!

> add 10.0.0.216 1.2.3.4 esp 34501 -E 3des-cbc "123456789012123456789012";

should read:

add 10.0.0.216 1.2.3.4 esp 34501
-m tunnel
-E 3des-cbc "123456789012123456789012";

KAME allows to use single SA both for transport and for tunnel,
we do not.

Actually, if you used setkey -D and setkey -DP to look at SAD/SPD,
you would notice this.

Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/