From owner-freebsd-security  Mon Jan  7 11: 4:19 2002
Delivered-To: freebsd-security@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by hub.freebsd.org (Postfix) with ESMTP id E841D37B43A
	for <freebsd-security@FreeBSD.ORG>; Mon,  7 Jan 2002 11:03:52 -0800 (PST)
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.11.0/8.11.0) id g07J3pi28981;
	Mon, 7 Jan 2002 11:03:51 -0800
Date: Mon, 7 Jan 2002 11:03:51 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipsec setup question
Message-ID: <20020107110351.A28802@Odin.AC.HMC.Edu>
References: <Pine.GSO.4.33.0201071348210.16221-100000@gradient.cis.upenn.edu> <20020107105827.A28192@Odin.AC.HMC.Edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020107105827.A28192@Odin.AC.HMC.Edu>; from brooks@one-eyed-alien.net on Mon, Jan 07, 2002 at 10:58:27AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jan 07, 2002 at 10:58:27AM -0800, Brooks Davis wrote:
> > Also I would like to nest tunnels and by that I mean
> >=20
> > say have an end to end tunnel with ESP  but have each intermediate rout=
er
> > (there are two of them) check AH headers on the packet.  Anyone see any
> > problems with this.
>=20
> No clue.  Actually nesting gif tunnels requires that you define
> XBONEHACK when building your kernel.

Oops that's incorrect.  The variable you must define is MAX_GIF_NEST,
XBONEHACK allows parallel tunnels.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8OfEWXY6L6fI4GtQRAnflAJ4m8il+KSJcEURGJalimLtrf35rdwCgnTaC
DTRQUP54kVZs6k7ujscyNnc=
=JSw/
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message