Hello!

> since there are legitimate uses for it, e.g., someone behind a wireless
> gateway or a secure corporate gateway that requires IPsec.

It seems the words "secure corporate gateway" add nothing to help understanding. :-)

OK, trying to render it to plain English: do you mean the case when more than one subnet is routed through a single SA?

If I guessed right (and, anyway, if you did not mean this, it is also a bad case), it is a problem. Solutions are:

1. to filter it at netfilter.
2. to enrich the selector, converting it to an ACL.
3. suggest one...

> Can you be a bit more specific about which bit doesn't make sense
> to you?

OK, the question #1. Why did you use IPCOMP? What is so special in it wrt the case of wildcard selectors?

Alexey