Re: IPSec tunnel interfaces (was: freebsd vpn server behind nat dsl router)
- From: Jeremie Le Hen <jeremie@xxxxxxxxxx>
- Date: Sat, 10 Mar 2007 20:23:47 +0100
Hi Yvan,
On Wed, Mar 07, 2007 at 06:06:17PM +0100, VANHULLEBUS Yvan wrote:
- FreeBSD handbook talks about Gif interfaces for IPSec tunnels. Just
forget that part and use directly IPSec tunnels without Gif
interfaces.
While I understand why using gif(4) to create IPSec tunnels is
not recommended because of interoperability, administratively it
is pretty useful to see the tunnel as an interface. Everything
that comes along such as routes, firewall rules et al work very
naturally. I'm no IPSec expert as you probably are and I seem
to recall the RFC advises (requires ?) it to be implemented as a
bump in a stack. However, is it reasonable to expect to see
this in the future ?
It seems the enc(4) interface provides this feature somehow but
only for FAST_IPSEC. What is the doom of IPSEC ? Are they to
be merged in the future, or is it possible to make the enc(4)
work with IPSEC as well ?
Thank you.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- freebsd vpn server behind nat dsl router
- From: Robert Johannes
- Re: freebsd vpn server behind nat dsl router
- From: VANHULLEBUS Yvan
- freebsd vpn server behind nat dsl router
- Prev by Date: Re: freebsd vpn server behind nat dsl router
- Next by Date: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
- Previous by thread: Re: freebsd vpn server behind nat dsl router
- Next by thread: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
- Index(es):
Relevant Pages
|
