Date: Thu, 21 Mar 2002 01:45:24 +0100 From: Rickard Borgmäster <doktorn@realworld.nu> To: Lars Eggert <larse@ISI.EDU> Cc: freebsd-net@freebsd.org Subject: Re: IPSec tunnel FreeBSD<->OpenBSD using isakmp Message-ID: <20020321014524.667eab66.doktorn@realworld.nu> In-Reply-To: <3C9910B6.2090005@isi.edu> References: <20020320205735.0851b080.doktorn@realworld.nu> <3C98EF33.6090207@isi.edu> <20020320231802.222a8dd2.doktorn@realworld.nu> <3C9910B6.2090005@isi.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Mar 2002 14:44:06 -0800
Lars Eggert <larse@ISI.EDU> hit the keyboard and punched:
> No, there is an (older) KAME included in FreeBSD; however that one
> doesn't yet represent SAs in the routing table as interfaces.
I still do not understand wether I need KAME or not? What would it gain to
install KAME?
> Sorry for being unclear: You miss a route entry (on the FreeBSD box,
> e.g.) that tells it to forward 10/24 to the OpenBSD box. You can't have
> such a route, because the SA that connects the two isn't represented in
> the routing table (it's a packet filter).
One thing that pops up in my head is, "what if I had an interface in the
10.0.0.0/24 net?". Therefore, I am right now recompiling my kernel to
include 2 loopback interfaces. Then I will set a 10.0.0.x address to it
and we'll se what happens =)
What do you think?
--
Rickard
.--. .--.
.----------------------------------------. | | | | .-.
| Rickard Borgmäster | | | | |/ /
| doktorn@sub.nu | .-^ | .--. | <
| http://doktorn.sub.nu/ | ( o | ( () ) | |\ \
`----------------------------------------' `-----' `--' `--' `--'
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020321014524.667eab66.doktorn>