On Mon, Jun 07, 2010 at 03:14:19PM -0400, Russell Sutherland wrote:
> I am trying to set up an ipsec bridge using the template and
> instructions found in the brconfig man page (OpenBSD 4.6):
>
>     Create Security Associations (SAs) between the external IP address of
>     each bridge and matching ingress flows by using the following
>     ipsec.conf(5) file on bridge1:
>
>         esp from 1.2.3.4 to 4.3.2.1 spi 0x4242:0x4243 \
>                 authkey file "auth1:auth2" enckey file "enc1:enc2"
>         flow esp proto etherip from 1.2.3.4 to 4.3.2.1
>
> I was curious as to the exact meaning of the colon, specifically the
> auth1:auth2 and enc1:enc2 arguments.
> Do they mean references to the 4 keys, two on each of the machines?
>
> E.g.
>
> om 1.2.3.4 to 4.3.2.1 spi 0x4242:0x4243 \
>     authkey file "/etc/keys/auth1:/etc/keys/auth2"
>     enckey file "/etc/keys/enc1:/etc/keys/enc2"
> flow esp proto etherip from 1.2.3.4 to 4.3.2.1
>

good question - to which i have no answer ;)

i suspect that the filenames chosen simply reflect the same notation
used for the spi number. certainly ipsec.conf(5) does not document
anything special about the colon for filenames or spi numbers.

maybe someone else has something more definite?

jmc

