A question about routed IPSec connections

Started by bimbar, July 12, 2021, 04:37:29 PM

Quote from: bimbar on July 26, 2021, 02:40:45 PM
For IPv6, /127 is not that uncommon.
That's why I wrote "unless configured differently".

Quote from: bimbar on July 26, 2021, 02:40:45 PM
For IPv4, how would the algorithm decide whether you want to do /31 or /30?
By applying the dual logarithm to the difference between both addresses? What if I am using a /24? There are more options than /31 or /30 ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: pmhausen on July 26, 2021, 02:52:14 PM
Quote from: bimbar on July 26, 2021, 02:40:45 PM
For IPv6, /127 is not that uncommon.
That's why I wrote "unless configured differently".

Quote from: bimbar on July 26, 2021, 02:40:45 PM
For IPv4, how would the algorithm decide whether you want to do /31 or /30?
By applying the dual logarithm to the difference between both addresses? What if I am using a /24? There are more options than /31 or /30 ...

Yes, but what if I have two adjacent IP addresses? Do I want the full /30 or just the /31? Both are perfectly reasonable.

Ah, now I got your point. Again: configuration by admin. Only reasonable solution, IMHO.

Are these P2P links? In that case you could even re-use your Ethernet's address with a /32 on each side.
I have only run policy based IPsec so far, so I lack experience with that particular setup.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
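
The ambiguity in the exchange above, as an added example that is not part of any post and not code from the firewall software under discussion: it takes the bit length of the XOR of the two tunnel addresses (the "dual logarithm" idea) to find the longest common prefix, then lists every prefix length that would also hold both addresses. The function name `candidate_prefixes` and the sample addresses are constructed for illustration; the IPv4 rule that network and broadcast addresses are unusable below /31 is the assumption applied.

```python
import ipaddress


def candidate_prefixes(local, remote):
    """Return all prefix lengths (longest first) under which both tunnel
    endpoint addresses sit in the same network as usable host addresses."""
    a = ipaddress.ip_address(local)
    b = ipaddress.ip_address(remote)
    if a.version != b.version:
        raise ValueError("address families differ")
    if a == b:
        raise ValueError("endpoints must be distinct")

    bits = a.max_prefixlen  # 32 for IPv4, 128 for IPv6
    # Number of low-order bits in which the addresses differ; everything
    # above that is the longest prefix the two addresses share.
    longest = bits - (int(a) ^ int(b)).bit_length()

    result = []
    for plen in range(longest, 0, -1):
        net = ipaddress.ip_network(f"{a}/{plen}", strict=False)
        # Assumption: on IPv4 networks shorter than /31 the first and last
        # address are reserved (network / broadcast). IPv6 is not filtered.
        if a.version == 4 and plen < 31:
            reserved = (net.network_address, net.broadcast_address)
            if a in reserved or b in reserved:
                continue
        result.append(plen)
    return result


if __name__ == "__main__":
    # Constructed sample endpoint pairs.
    samples = [
        ("10.0.0.1", "10.0.0.2"),      # adjacent, but split across two /31s
        ("10.0.0.2", "10.0.0.3"),      # adjacent, fits a /31, not a /30
        ("10.0.0.1", "10.0.0.200"),    # link network such as a /24
        ("2001:db8::", "2001:db8::1"), # IPv6 /127 link
    ]
    for local, remote in samples:
        plens = candidate_prefixes(local, remote)
        print(f"{local} <-> {remote}: longest /{plens[0]}, "
              f"{len(plens)} valid prefix lengths")
```

Every sample pair yields more than one valid prefix length, so the address pair alone does not determine the netmask.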

Quote from: pmhausen on July 26, 2021, 04:59:21 PM
Ah, now I got your point. Again: configuration by admin. Only reasonable solution, IMHO.

Are these P2P links? In that case you could even re-use your Ethernet's address with a /32 on each side.
I have only run policy based IPsec so far, so I lack experience with that particular setup.

It usually is a link network; I do not know if p-t-p is also possible.

Should I submit a bug report about this or is this now scheduled to be fixed?