> So that I can understand the technology better, how does the IPSec for
> mobile clients work in pfSense?
>
> Are SPDs used? Are they only created at the time that the client
> attempts to connect?

Yes, with the KAME IPSEC stack, a Security Policy Database entry is required for every IPSEC exchange. The difference is that IPSEC policies that define tunnel-mode connections must specify both endpoints, while transport-mode (host to host) ones need not.

But, really, I'm not prepared enough to explain such a complicated matter (in English) without making some mistake, so I advise you to read it yourself from some 'trusted' sources :-)

You may start at http://www.vpnc.org/vpn-standards.html

Angelo Turetta
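
The rule stated in the reply above (tunnel-mode policies must name both endpoints, transport-mode ones need not) expressed as a small check over `spdadd` lines in the setkey(8) `protocol/mode/src-dst/level` notation. This is an added example, not part of the original message; the function names and the sample policies (documentation addresses) are constructed for illustration.

```python
import re

# One request inside a setkey(8) policy: protocol/mode/src-dst/level
REQ = re.compile(r"\b(esp|ah|ipcomp)/(tunnel|transport)/([^/\s]*)/(\w+)")


def check_spd_line(line):
    """Return the problems found in one 'spdadd' line (empty list means OK)."""
    line = line.split("#", 1)[0].strip()  # drop comments and padding
    if not line.startswith("spdadd"):
        return []
    problems = []
    requests = REQ.findall(line)
    if "ipsec" in line.split() and not requests:
        problems.append("ipsec policy without a protocol/mode/src-dst/level request")
    for proto, mode, endpoints, _level in requests:
        src, sep, dst = endpoints.partition("-")
        # Tunnel mode: the outer header needs both gateway addresses.
        # Transport mode: the endpoints are the packet's own addresses,
        # so an empty src-dst field is acceptable.
        if mode == "tunnel" and not (src and sep and dst):
            problems.append(f"{proto}/tunnel needs both endpoints (src-dst)")
    return problems


def lint(text):
    """Map 1-based line numbers to their problems, for lines that have any."""
    report = {}
    for number, line in enumerate(text.strip().splitlines(), 1):
        problems = check_spd_line(line)
        if problems:
            report[number] = problems
    return report


# Constructed sample policies, not taken from the post.
SAMPLE = """
spdadd 192.0.2.0/24 198.51.100.0/24 any -P out ipsec esp/tunnel/203.0.113.1-203.0.113.2/require;
spdadd 203.0.113.1 203.0.113.2 any -P out ipsec esp/transport//require;
spdadd 198.51.100.0/24 192.0.2.0/24 any -P in ipsec esp/tunnel//require;
"""

if __name__ == "__main__":
    for number, problems in lint(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```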
