On 15/01/18(Mon) 11:11, Martin Pieuchot wrote:
> On 04/01/18(Thu) 12:30, Stuart Henderson wrote:
> > On 2018/01/04 12:47, Martin Pieuchot wrote:
> > [...]
> > > So I don't understand why I have to pass '-K' in
> > > every one of the machines I set up. If I don't specify any policy file,
On 04/01/18(Thu) 12:30, Stuart Henderson wrote:
> On 2018/01/04 12:47, Martin Pieuchot wrote:
> [...]
> > So I don't understand why I have to pass '-K' in
> > every one of the machines I set up. If I don't specify any policy file, then
> > I'd assume isakmpd(8) would do the right thing.
On Thu, Jan 04, 2018 at 12:30:39PM +, Stuart Henderson wrote:
> On 2018/01/04 12:47, Martin Pieuchot wrote:
> > I'm not writing any isakmpd.policy(5) file. I don't know anybody sane
> > who does.
>
> This means you trust your ipsec peers not to request an invalid flow.
> That's reasonable if you
On 2018/01/04 12:47, Martin Pieuchot wrote:
> I'm not writing any isakmpd.policy(5) file. I don't know anybody sane
> who does.
This means you trust your ipsec peers not to request an invalid flow.
That's reasonable if you run both ends and trust yourself not to fat-finger
it but it's not really OK
I'm not writing any isakmpd.policy(5) file. I don't know anybody sane
who does. I'd like to enforce some policy based on what I write in
ipsec.conf(5)... So I don't understand why I have to pass '-K' in
every one of the machines I set up. If I don't specify any policy file, then
I'd assume isakmpd(8) wo