From owner-freebsd-security Mon Nov 12 18:31:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from diabolo.ifn.fr (diabolo.ifn.fr [195.25.216.97]) by hub.freebsd.org (Postfix) with ESMTP id D9B4237B405 for ; Mon, 12 Nov 2001 18:31:54 -0800 (PST) Received: from 127.0.0.1 (localhost.ifn.fr [127.0.0.1]) by localhost.ifn.fr (Postfix) with SMTP id BE307CB8AC; Tue, 13 Nov 2001 03:31:52 +0100 (CET) Received: by diabolo.ifn.fr (Postfix, from userid 1000) id 7CF61CB7DD; Tue, 13 Nov 2001 03:31:51 +0100 (CET) Date: Tue, 13 Nov 2001 03:31:51 +0100 From: =?iso-8859-1?Q?R=E9mi_Guyomarch?= To: Lamont Granquist , FreeBSD Security List Subject: Re: Bump-in-the-Road IPsec? Message-ID: <20011113033151.A56326@diabolo.ifn.fr> References: <20011112164936.F538-100000@coredump.scriptkiddie.org> <20011113031438.A45472@diabolic-cow.chatgris.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <20011113031438.A45472@diabolic-cow.chatgris.net>; from rguyom@pobox.com on Tue, Nov 13, 2001 at 03:14:38AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Nov 13, 2001 at 03:14:38AM +0100, Rémi Guyomarch wrote: ... > On OpenBSD, use the gif device, along with IPSec in transport mode > and the same bridge setup as described below. Damn! I just realised that gif(4) only handles IP frames :-( Still a transparent bridge, but only suitable for IP... [same thing with gre(4)] So far, for full ethernet-over-ip the only solution I see is vtun with a tap(4) device. Maybe someone there will feel creative with netgraph ? ;) -- Rémi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message