Date: Wed, 14 Nov 2001 01:09:41 +0100
From: Rémi Guyomarch <rguyom@pobox.com>
To: FreeBSD Security List <freebsd-security@FreeBSD.ORG>
Subject: Re: Bump-in-the-Road IPsec?
Message-ID: <20011114010941.A46471@diabolic-cow.chatgris.net>
In-Reply-To: <20011112193144.N1819-100000@coredump.scriptkiddie.org>; from lamont@scriptkiddie.org on Mon, Nov 12, 2001 at 07:33:25PM -0800
References: <20011113033151.A56326@diabolo.ifn.fr> <20011112193144.N1819-100000@coredump.scriptkiddie.org>

On Mon, Nov 12, 2001 at 07:33:25PM -0800, Lamont Granquist wrote:
>
> On Tue, 13 Nov 2001, Rémi Guyomarch wrote:
> > On Tue, Nov 13, 2001 at 03:14:38AM +0100, Rémi Guyomarch wrote:
> > ...
> > > On OpenBSD, use the gif device, along with IPSec in transport mode
> > > and the same bridge setup as described below.
> >
> > Damn! I just realised that gif(4) only handles IP frames :-(
> > Still a transparent bridge, but only suitable for IP...
> > [same thing with gre(4)]

After reading OpenBSD's gif(4) and brconfig(8) manpages, it seems
gif isn't limited to IP traffic but really handles full ethernet.

> only suitable for IP is fine by me. the thing is that i really want these
> to be two completely separate networks with real ip #s.

Yuk! I got it. Basically you're trying to do a "transparent IP router".
I think this violates nearly every routing-related RFC ever published!
It might be possible but it would require horrible hacks.

> the stuff i've
> found on the net so far suggests using gif to bridge between two remote
> networks that share the same private ip space.

Yes, a bridge only makes sense when the two segments share the same IP
address space, or you use some non-routable protocol (ex: NetBEUI,
AppleTalk).

-- 
Rémi