Date: Mon, 7 Jan 2002 11:03:51 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipsec setup question Message-ID: <20020107110351.A28802@Odin.AC.HMC.Edu> In-Reply-To: <20020107105827.A28192@Odin.AC.HMC.Edu>; from brooks@one-eyed-alien.net on Mon, Jan 07, 2002 at 10:58:27AM -0800 References: <Pine.GSO.4.33.0201071348210.16221-100000@gradient.cis.upenn.edu> <20020107105827.A28192@Odin.AC.HMC.Edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 07, 2002 at 10:58:27AM -0800, Brooks Davis wrote: > > Also I would like to nest tunnels and by that I mean > >=20 > > say have an end to end tunnel with ESP but have each intermediate rout= er > > (there are two of them) check AH headers on the packet. Anyone see any > > problems with this. >=20 > No clue. Actually nesting gif tunnels requires that you define > XBONEHACK when building your kernel. Oops that's incorrect. The variable you must define is MAX_GIF_NEST, XBONEHACK allows parallel tunnels. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8OfEWXY6L6fI4GtQRAnflAJ4m8il+KSJcEURGJalimLtrf35rdwCgnTaC DTRQUP54kVZs6k7ujscyNnc= =JSw/ -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020107110351.A28802>