Date: Thu, 23 Oct 2003 21:00:20 +0300
From: Nikolay Petrov <mailinglists@hq.panda.bg>
To: freebsd-security@freebsd.org
Subject: Re: IPSec VPNs: to gif or not to gif
Message-ID: <182543033578.20031023210020@hq.panda.bg>
In-Reply-To: <u0qcpv0csl3lb1p6a8aioe7qjqjtvd6th9@4ax.com>
References: <u0qcpv0csl3lb1p6a8aioe7qjqjtvd6th9@4ax.com>

Hello Jim,

Wednesday, October 22, 2003, 2:28:45 PM, you wrote:

JH> I will shortly be replacing a couple of proprietary VPN boxes
JH> with a FreeBSD solution. Section 10.10 of the Handbook has a
JH> detailed description of how to do this.

JH> However I remember a lot of discussion about a year ago about
JH> whether the gif interface was necessary to set up VPNs like
JH> this or whether it was just a convenience, for "getting the
JH> routing right". A number of people said that gif was not
JH> needed but I've never found a step-by-step description of how
JH> to set up a lan-to-lan VPN without using it.

I use gif interface and tunneling mode, but can see any advantage of
this, because I can not see packets that pass through the gif interface.
I try different configurations of IP addresses on the interface, but
nothing changes. This is maybe an error in the configuration, but I see
encapsulated packets and packets that pass through the IPSec tunnel on my
network card.

JH> Is the Handbook the current received wisdom on how to set this
JH> up, and is the use of the gif interface indeed necessary?

JH> I also remember that the discussions diverted into a problem
JH> with ipfw when gif was *not* used, but I haven't found any
JH> messages to indicate that it was resolved. I recall suggestions
JH> that a new interface esp0 be created so that ipfw could work
JH> correctly on both the inner and outer packets of an ESP tunnel.
JH> Was that issue ever resolved?

JH> jim hatfield

JH> _______________________________________________
JH> freebsd-security@freebsd.org mailing list
JH> http://lists.freebsd.org/mailman/listinfo/freebsd-security
JH> To unsubscribe, send any mail to
JH> "freebsd-security-unsubscribe@freebsd.org"

-- 
Best regards,
Nikolay
mailinglists@hq.panda.bg