=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/share/ipsec/Attic/rc.vpn,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- src/share/ipsec/Attic/rc.vpn 2000/09/19 03:35:08 1.11 +++ src/share/ipsec/Attic/rc.vpn 2000/09/27 04:11:21 1.12 @@ -1,7 +1,7 @@ #!/bin/sh # -# $OpenBSD: rc.vpn,v 1.11 2000/09/19 03:35:08 angelos Exp $ +# $OpenBSD: rc.vpn,v 1.12 2000/09/27 04:11:21 angelos Exp $ # # Richard Reiner, Ph.D., FSC Internet Corp. # rreiner@fscinternet.com @@ -84,9 +84,9 @@ # # Gateway to gateway (both egress and ingress flows) -$DEBUG $ipsecadm flow -proto esp -dst $GW_PEER -spi $SPI_OUT \ +$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_OUT \ -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require -$DEBUG $ipsecadm flow -proto esp -dst $GW_LOCAL -spi $SPI_IN \ +$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_IN \ -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require # Flows from each local to each remote subnet, and vice versa for @@ -108,12 +108,13 @@ remote_mask=$2 if [ "${remote_net}" != "0x0" ]; then $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_PEER -spi $SPI_OUT \ + -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_OUT \ -addr $local_net $local_mask $remote_net $remote_mask \ -out -require $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \ + -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_IN \ + -in -require \ -addr $remote_net $remote_mask $local_net $local_mask peercount=$(($peercount + 1)) else @@ -142,7 +143,8 @@ -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \ $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \ + -proto esp -dst $GW_PEER -spi $SPI_IN -in -require \ + -src $GW_LOCAL -addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 peercount=$(($peercount + 1)) else 
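Review bot: The ingress gateway-to-gateway flow in the hunk at @@ -84,9 +84,9 @@ now passes `-src $GW_LOCAL -dst $GW_PEER` together with `-spi $SPI_IN`, the same endpoint pair as the egress flow, and the comment above the pair does not explain why the endpoints are not swapped for the inbound direction. If ipsecadm in this revision treats `-src`/`-dst` as the local and peer gateways regardless of direction (not visible in the diff, so confirm against ipsecadm(8)), a short comment would stop a later reader from reverting it, for example `# -src/-dst name the local and peer gateways for both directions; only -in/-out and the SPI differ`. The same applies to the ingress flow in the subnet loop at @@ -108,12 +108,13 @@.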
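Review bot: The added `-src $GW_LOCAL` line of the ingress flow in the hunk at @@ -142,7 +143,8 @@ has no trailing backslash as shown here, so the ipsecadm command ends there and the following `-addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255` line is run as a command of its own. The `-in -require` flow for that remote subnet would then be submitted without its address selector, or rejected, while `peercount` on the next line is still incremented. The line should read `-src $GW_LOCAL \`, as the egress flow in the hunk at @@ -161,10 +163,12 @@ already does; the ingress flow in that later hunk has the same missing continuation. The enclosing loop starts and ends outside this hunk.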
@@ -161,10 +163,12 @@ if [ "${local_net}" != "0x0" ]; then $DEBUG $ipsecadm flow \ -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ + -src $GW_LOCAL \ -addr $local_net $local_mask $GW_PEER 255.255.255.255 $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \ + -proto esp -dst $GW_PEER -spi $SPI_IN -in -require \ + -src $GW_LOCAL -addr $GW_PEER 255.255.255.255 $local_net $local_mask mycount=$(($mycount + 1)) else