(racoon 811) Re: Address range in spdadd
- To: racoon@kame.net
- Subject: (racoon 811) Re: Address range in spdadd
- From: KAMADA Ken'ichi <kamada@nanohz.org>
- Date: Tue, 19 Oct 2004 15:26:20 +0900
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@kame.net
- In-reply-to: <B691FF7FC495BD43B96A759DB9465357F68447@emss09m06.us.lmco.com>
- References: <B691FF7FC495BD43B96A759DB9465357F68447@emss09m06.us.lmco.com>
- Reply-to: racoon@kame.net
- Sender: owner-racoon@kame.net
- User-agent: Wanderlust/2.10.1 (Watching The Wheels) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.3.50 (i386-unknown-netbsdelf2.0G) MULE/5.0 (SAKAKI)
At Mon, 18 Oct 2004 09:56:38 -0500,
"Nguyen, Thuan (EXP N-EKD Systems)" <thuan.nguyen@lmco.com> wrote:
>
> I wanted to use source/destination address ranges in spdadd but got
> errors. Here's the command I used:
>
> spdadd 10.10.16.13-10.10.16.14 10.10.26.13-10.10.26.24 udp -P out ipsec
> esp/tunnel/10.1.14.3-10.1.24.3/require

See setkey(8).
If the above address ranges are the real ones, you can't avoid
4 spdadds.

The syntax of spdadd is:

    spdadd [-46n] src_range dst_range upperspec policy;

and src_range/dst_range is:

    address
    address/prefixlen
    address[port]
    address/prefixlen[port]

so you need to represent "10.10.16.13-10.10.16.14" and
"10.10.26.13-10.10.26.24" in "address/prefixlen" form.
But the problem here is that neither of them can be represented
in one "address/prefixlen" form,
therefore you need 4 spdadds.
(BTW, if 10.10.26."24" were not a typo of "14", you'd need
at least 8 spdadds.)
--
KAMADA Ken'ichi <kamada@nanohz.org>
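
The decomposition described in the reply, as an added example that is not part of the original message: each address range is split into the smallest set of exact "address/prefixlen" blocks, and one spdadd line is emitted per source/destination pair. The function names `range_to_prefixes` and `spdadd_lines` are hypothetical helpers; the policy string is the one from the quoted command.

```python
import ipaddress
from itertools import product


def range_to_prefixes(rng):
    """Split 'first-last' (or a single address) into the minimal list of
    CIDR prefixes that cover exactly that range and nothing outside it."""
    first, _, last = rng.partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if last else lo
    if lo.version != hi.version or lo > hi:
        raise ValueError("bad address range: %r" % rng)
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def spdadd_lines(src_range, dst_range, upperspec, policy):
    """Return one spdadd statement per (source prefix, destination prefix)
    pair, in the 'spdadd src_range dst_range upperspec policy;' form."""
    pairs = product(range_to_prefixes(src_range), range_to_prefixes(dst_range))
    return ["spdadd %s %s %s %s;" % (s, d, upperspec, policy) for s, d in pairs]


# Policy taken from the quoted command in the thread.
POLICY = "-P out ipsec esp/tunnel/10.1.14.3-10.1.24.3/require"

if __name__ == "__main__":
    # Destination range as written in the question (ends in .24).
    for line in spdadd_lines("10.10.16.13-10.10.16.14",
                             "10.10.26.13-10.10.26.24", "udp", POLICY):
        print(line)
```

Rounding a range up to one covering prefix instead (for example 10.10.16.12/30 for .13-.14) would also match addresses outside the intended range, so the exact split keeps the policy scoped to the listed hosts.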