Re: IPSec VPNs: to gif or not to gif

From: Nikolay Petrov (mailinglists_at_hq.panda.bg)
Date: 10/23/03

    Date: Thu, 23 Oct 2003 21:00:20 +0300
    To: freebsd-security@freebsd.org
    
    

    Hello Jim,

    Wednesday, October 22, 2003, 2:28:45 PM, you wrote:

    JH> I will shortly be replacing a couple of proprietary VPN boxes
    JH> with a FreeBSD solution. Section 10.10 of the Handbook has a
    JH> detailed description of how to do this.

    JH> However I remember a lot of discussion about a year ago about
    JH> whether the gif interface was necessary to set up VPNs like
    JH> this or whether it was just a convenience, for "getting the
    JH> routing right". A number of people said that gif was not
    JH> needed but I've never found a step-by-step description of how
    JH> to set up a lan-to-lan VPN without using it.

    I use the gif interface and tunnel mode, but I cannot see any advantage of
    this, because I cannot see packets that pass through the gif interface.
    I tried different configurations of IP addresses on the interface, but
    nothing changed. This may be an error in the configuration, but I see
    encapsulated packets and packets that pass through the IPSec tunnel on my
    network card.

    JH> Is the Handbook the current received wisdom on how to set this
    JH> up, and is the use of the gif interface indeed necessary?

    JH> I also remember that the discussions diverted into a problem
    JH> with ipfw when gif was *not* used, but I haven't found any
    JH> messages to indicate that it was resolved. I recall suggestions
    JH> that a new interface esp0 be created so that ipfw could work
    JH> correctly on both the inner and outer packets of an ESP tunnel.

    JH> Was that issue ever resolved?

    JH> jim hatfield

    -- 
    Best regards,
     Nikolay                            mailinglists@hq.panda.bg
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
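The two layouts discussed in this thread, written out as setkey(8) security policies; this is an added example, not configuration from the thread or from the Handbook, and all addresses are constructed. The SAs themselves come from a key-exchange daemon (or manual `add` lines for testing) and are not shown.

```conf
# Constructed topology for the example:
#   Gateway A: public 203.0.113.1, LAN 10.1.0.0/16
#   Gateway B: public 198.51.100.1, LAN 10.2.0.0/16
# Policies below are for gateway A; mirror src/dst on gateway B.

flush;
spdflush;

# --- Layout 1: tunnel-mode IPsec, no gif interface ---
# The kernel encapsulates LAN-to-LAN traffic itself. No extra interface
# or route is needed; the cleartext inner packets only ever appear on the
# physical interface, which is what makes them hard to match in ipfw.
spdadd 10.1.0.0/16 10.2.0.0/16 any -P out ipsec esp/tunnel/203.0.113.1-198.51.100.1/require;
spdadd 10.2.0.0/16 10.1.0.0/16 any -P in  ipsec esp/tunnel/198.51.100.1-203.0.113.1/require;

# --- Layout 2: gif tunnel, with ESP protecting the IP-in-IP packets ---
# Here gif0 does the encapsulation (ifconfig gif0 tunnel ... and a route
# for 10.2.0.0/16 via gif0 are configured separately, not shown), and the
# policy only has to cover the ipencap traffic between the two gateways.
# ipfw can then match the cleartext on gif0 and the ESP on the outer
# interface, at the cost of one more encapsulation layer per packet.
# spdadd 203.0.113.1/32 198.51.100.1/32 ipencap -P out ipsec esp/tunnel/203.0.113.1-198.51.100.1/require;
# spdadd 198.51.100.1/32 203.0.113.1/32 ipencap -P in  ipsec esp/tunnel/198.51.100.1-203.0.113.1/require;
```

Load with `setkey -f` and check with `setkey -DP`; only one of the two layouts should be active at a time.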
    
