[Openswan dev] Re: per-X controls
Michael Richardson
mcr at xelerance.com
Wed May 24 12:23:51 CEST 2006
>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:
>> you can not say: create an SA with %any as the origin port
>>
>> that is because "%any" is implemented as "0"
Herbert> I see.
Herbert> BTW, have you looked at the socket-specific IPsec policy
Herbert> feature in Linux? That would seem to be a better fit for
Herbert> L2TP/IPsec rather than relying on random selectors falling
Herbert> into place, no?
It's not a kernel issue. It's a policy issue at the IKE level.
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
"The Microsoft _Get the Facts CD_ does not work on Linux." - orospakr