I'm running Coda over IPsec ESP, using 3DES and HMAC-SHA1. The new masquerade option to venus makes SPD setup easier, as one only needs to protect things with udp 370 or udp 2432 as the destination.

For a client with setkey from FreeBSD 4.2+KAME:

    # Coda masquerading
    spdadd 0.0.0.0/0[any] 0.0.0.0/0[370] udp -P out ipsec esp/transport//require ;
    spdadd 0.0.0.0/0[370] 0.0.0.0/0[any] udp -P in ipsec esp/transport//require ;
    spdadd 0.0.0.0/0[any] 0.0.0.0/0[2432] udp -P out ipsec esp/transport//require ;
    spdadd 0.0.0.0/0[2432] 0.0.0.0/0[any] udp -P in ipsec esp/transport//require ;

The server is similar:

    # clog from/to client
    spdadd 0.0.0.0/0[any] CODA-SERVERS-ADDR/32[370] udp -P in ipsec esp/transport//require ;
    spdadd CODA-SERVERS-ADDR/32[370] 0.0.0.0/0[any] udp -P out ipsec esp/transport//require ;
    ## CODA masquerading
    spdadd 0.0.0.0/0[any] CODA-SERVERS-ADDR/32[2432] udp -P in ipsec esp/transport//require ;
    spdadd CODA-SERVERS-ADDR/32[2432] 0.0.0.0/0[any] udp -P out ipsec esp/transport//require ;

Greg Troxel <gdt_at_ir.bbn.com>
Received on 2001-02-28 19:46:02
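
An added example, not part of the original post: a small Python check that the client and server SPD entries mirror each other (same ports, protocol and rule, opposite direction), since a flow that only one end marks `require` will not pass. The function names, the placeholder server address 192.0.2.10 and the faulty server variant are assumptions made for illustration.

```python
import re

# One setkey(8) policy line in the form used in the post:
#   spdadd SRC[PORT] DST[PORT] PROTO -P DIR ipsec RULE ;
SPD_RE = re.compile(r"spdadd\s+\S+?\[(\w+)\]\s+\S+?\[(\w+)\]\s+(\w+)"
                    r"\s+-P\s+(in|out)\s+ipsec\s+(\S+)\s*;")

def parse_spd(text):
    """Return {(direction, src_port, dst_port, proto, rule)}; addresses are ignored."""
    entries = set()
    for line in text.splitlines():
        m = SPD_RE.fullmatch(line.split("#", 1)[0].strip())
        if m:
            sport, dport, proto, direction, rule = m.groups()
            entries.add((direction, sport, dport, proto, rule))
    return entries

def unmatched(client, server):
    """List policies on either host that lack a mirror-image policy on the peer."""
    flip = {"in": "out", "out": "in"}
    problems = []
    for name, mine, peer in (("client", client, server), ("server", server, client)):
        for d, sport, dport, proto, rule in sorted(mine):
            if (flip[d], sport, dport, proto, rule) not in peer:
                problems.append(f"{name}: {d} {proto} [{sport}]->[{dport}] {rule}")
    return problems

CLIENT = """
spdadd 0.0.0.0/0[any] 0.0.0.0/0[370] udp -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[370] 0.0.0.0/0[any] udp -P in ipsec esp/transport//require ;
spdadd 0.0.0.0/0[any] 0.0.0.0/0[2432] udp -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[2432] 0.0.0.0/0[any] udp -P in ipsec esp/transport//require ;
"""
# Constructed server policy; 192.0.2.10 is a placeholder server address.
SERVER = """
spdadd 0.0.0.0/0[any] 192.0.2.10/32[370] udp -P in ipsec esp/transport//require ;
spdadd 192.0.2.10/32[370] 0.0.0.0/0[any] udp -P out ipsec esp/transport//require ;
spdadd 0.0.0.0/0[any] 192.0.2.10/32[2432] udp -P in ipsec esp/transport//require ;
spdadd 192.0.2.10/32[2432] 0.0.0.0/0[any] udp -P out ipsec esp/transport//require ;
"""
# Constructed faulty variant: the last pair names a different port than the client.
SERVER_BAD = SERVER.replace("[2432]", "[2430]")

if __name__ == "__main__":
    for label, srv in (("matching", SERVER), ("mismatched", SERVER_BAD)):
        print(label, unmatched(parse_spd(CLIENT), parse_spd(srv)))
```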