>>>>> "itojun" == itojun <itojuniijlab.net> writes:
>> When connecting via dialup/dhcp, I seem to have to edit my SPD entries to
>> accomodate the changes in the outer IP address:
>>
>> spdadd A.B.C.D/32 A.B.C.0/24 any -P out ipsec esp/tunnel/E.F.G.H-Q.R.S.T/require;
>>
>> I would like to leave E.F.G.H unspecified. Can I put 0.0.0.0 in there and
>> let the routing system pick the appropriate outgoing IP? The man page says
>> nothing about doing that.
>> {Later tonight, I'll use the source}

    itojun> i don't think it is supported. how can you inform of your change to
    itojun> the other end's policy table?

  I can see that this won't work for Racoon/Racoon, but TimeStep Permit at
the end does let me do this. Once I establish a tunnel for the inside
addresses, they will route stuff to me.

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
] Michael Richardson, Solidum Systems Oh where, oh where has|problem with[
] mcrsolidum.com www.solidum.com the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
  

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]