I don't think you can do this using SPI directly.
If you use IKE then you might be able to do something in iked or isakmpd
config to set PF tags, and then use PF rules to rewrite the dest port
to point at something else to select a different relay in relayd..
On 2022/08/09 12:53, Todd
I just wanted to clarify, for relayd..
Is it possible to filter / loadbalance based on the SPI information of the
4 byte headers within ipsec?
https://en.wikipedia.org/wiki/IPsec#Encapsulating_Security_Payload
*Security Parameters Index* (32 bits)Arbitrary value used (together with
the
thank you for your comments, I will dig into it.
cheers
Get Outlook for iOS<https://aka.ms/o0ukef>
From: owner-m...@openbsd.org on behalf of Stuart
Henderson
Sent: Sunday, August 7, 2022 3:56:16 AM
To: misc@openbsd.org
Subject: Re: Relayd Questions
O
On 2022-08-06, Todd Carpenter wrote:
> Hi all,
>
> I've been trying to get relayd up and running on my configuration and had a
> couple of questions I could not find answers for.
>
> As I understand it, relayd is capable of making a "protocol" where you
> could essentially take connection details
Hi all,
I've been trying to get relayd up and running on my configuration and had a
couple of questions I could not find answers for.
As I understand it, relayd is capable of making a "protocol" where you
could essentially take connection details and call it whatever you like,
then create rules
Hi all,
Firstly, a past post has indicated that there is no benefit of relayd over pf
for external mappings to single machines on the lan. I would have thought a
relayed connection to an internal machine would have some security benefit
over a pf redirected connection. Is this the case ?
6 matches
Mail list logo