On (01/23/18 12:30), Paul Wouters wrote:
>
> Why two? Are both peers using an ephemeral source port? If it is port
> 4789 to port 4789, wouldn't one tunnel be enough?

I'm assuming that the local host both sends (to other node's udp port 4789) and receives (on udp port 4789 from other peers) vxlan packets, and that we want ipsec for both directions. Depends on what Antonio is trying to achieve, I suppose.

--Sowmini

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
