Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

improve descr on AH tunnel twist.

  • Loading branch information...
commit 2fc3cdf1282c9452feac266c033225bc27060e30 1 parent fb9c6eb
itojun authored
Showing with 9 additions and 3 deletions.
  1. +9 −3 kame/kame/man/man4/ipsec.4
12 kame/kame/man/man4/ipsec.4
@@ -1,4 +1,4 @@
-.\" $KAME: ipsec.4,v 1.7 2000/04/20 08:01:41 itojun Exp $
+.\" $KAME: ipsec.4,v 1.8 2000/04/20 14:25:46 itojun Exp $
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
@@ -230,8 +230,14 @@ There is no single standard for policy engine API,
so the policy engine API described herein is just for KAME implementation.
AH tunnel may not work as you might expect.
-Packets will be exchanged just fine, however,
-policy engine will not consider the encapsulated packet to be authentic.
+If you configure
+.Dq require
+policy against AH tunnel for inbound, tunnelled packets will be rejected.
+This is because AH authenticates encapsulating
+.Pq outer
+packet, not the encapsulated
+.Pq inner
The implementation described herein appeared in WIDE/KAME IPv6/IPsec stack.
Please sign in to comment.
Something went wrong with that request. Please try again.