On Thu, Jun 16, 2005 at 10:50:10PM +0200, Claudio Jeker wrote:
> 
> AFAIK it was not yet tested. I'm not sure if it will work because the enc
> interface is not a real interface. I know it works over gre tunnels.
> Using the enc device may work but I'm not sure about it (until now I never
> had to use IPsec).

  i was able to use enc0 (after throwing an IP on it) as the local endpoint
  to match an IPsec flow such as:

172.16.2.2/32   0   172.16.1.1/32       0       0       66.55.44.77/50/use/in
172.16.1.1/32   0   172.16.2.2/32       0       0       66.55.44.77/50/require/out

  where 172.16.1.1/32 was the IP i threw on enc0.

  ( eg, i could ping -I 172.16.1.1 172.16.2.2 ok, and other side could 
    ping -I 172.16.2.2 172.16.1.1 OK )

  though, to be fair, i changed the way i was doing things and decided to
  not put the IP on enc0, so i didn't give it a lot of testing.

  jun.10 snapshots

  jared

- 

[ openbsd 3.7 GENERIC ( jun 3 ) // i386 ]
