Ola Bergqvist wrote:
>When I exchanged our old firewall with a standard FreeBSD box I got that
>After a lot of testing it turned out that I had to change
>"required" to "unique" in the setkey commands. I am not really sure what
>from man IPSEC_SET_POLICY(3):
>require means that a relevant SA is required, since the kernel must
>perform IPsec operation against packets. unique is the same as
>require, but adds the restriction that the SA for outbound traffic
>is used only for this policy.
>BTW, I think the other end of the tunnel is a Linux FreeS/WAN system.
>As a first try in modifying m0n0wall I'm trying to hardcode this into
>It would be great if there was a switch in the ui to change this...
>(It would be nice to use m0n0wall here without modifying it)
Thank you for the solution to the problem. Now to get Manuel to
implement it. :-) I'm forwarding this on to him also in the hopes he
can find it in his heart to include this in the next release. :-)