Dear All,

With a manual IPsec setup, is there any way to use multiple SAs between the same two IP-addresses but with different ports?

For example, I want traffic to 10.0.0.44:80 to use spi 0xaaa and traffic to 10.0.0.44:8080 to use spi 0xbbb. To do this I use the following ipsec.conf:

    flow esp out proto tcp from 10.0.0.161 to 10.0.0.44 port 80
    flow esp out proto tcp from 10.0.0.161 to 10.0.0.44 port 8080

    esp transport from 10.0.0.161 to 10.0.0.44 port 80 spi 0xaaa \
        enc null \
        auth hmac-sha1 authkey "0xd131d0cee0ef5b5a787daf3fe9c89ed000000000"

    esp transport from 10.0.0.161 to 10.0.0.44 port 8080 spi 0xbbb \
        enc null \
        auth hmac-sha1 authkey "0xd131d0cee0ef5b5a787daf3fe9c89ed000000000"

But traffic to both 80 and 8080 uses spi 0xbbb. It seems 0xbbb is used since it was the last added SA with the src/dst-IP, port ignored.

Thanks
Daniel

Using OpenBSD 4.1