On Thu, Jun 16, 2005 at 10:50:10PM +0200, Claudio Jeker wrote:
>
> AFAIK it was not yet tested. I'm not sure if it will work because the enc
> interface is not a real interface. I know it works over gre tunnels.
> Using the enc device may work but I'm not sure about it (until now I never
> had to use IPsec).

i was able to use enc0 (after throwing an IP on it) as the local endpoint to match an IPsec flow such as:

    172.16.2.2/32 0 172.16.1.1/32 0 0 66.55.44.77/50/use/in
    172.16.1.1/32 0 172.16.2.2/32 0 0 66.55.44.77/50/require/out

where 172.16.1.1/32 was the IP i threw on enc0. ( eg, i could ping -I 172.16.1.1 172.16.2.2 ok, and other side could ping -I 172.16.2.2 172.16.1.1 OK )

though, to be fair, i changed the way i was doing things and decided to not put the IP on enc0, so i didn't give it a lot of testing.

jun.10 snapshots

jared

- [ openbsd 3.7 GENERIC ( jun 3 ) // i386 ]