Re: [Design] IPSec in 2.5 Kernel?
From: Derek Atkins <derek(at)ihtfp.com>
Date: Thu Mar 20 2003 - 18:46:41 EST

John,

"John S. Denker" <jsd@monmouth.com> writes:

> > then yes, it can do that (although only

I _believe_ that you can configure multiple "remote anonymous" sections, each with their own identities. I have never actually tested it, so it may not work right. It does appear that you must share the "sainfo" across all "anonymous" connections....

> http://www.qnx.com/developer/docs/momentics_nc_docs/neutrino/utilities/r/racoon.conf.html

I _believe_ you can just set the SPD to define what access is allowed. So for example you can say that 10.0.0.0/28 can only access 192.168.1.0/28, and 10.0.0.32/28 can only access 192.168.1.32/28....

I do need to take a closer look at road-warrior configurations to make sure they work. I have not had the chance to play with that yet, but I'll make sure to do so after I finish NAT-T.

-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com
_______________________________________________
Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design
Received on Thu Mar 20 19:43:38 2003