Date: Wed, 28 Dec 2005 11:20:45 -0500 From: "Clark Gaylord" <gaylord@dirtcheapemail.com> To: freebsd-net@freebsd.org Subject: Re: IPSEC documentation Message-ID: <1135786845.21398.250667837@webmail.messagingengine.com> In-Reply-To: <20051228150404.GA49024@moof.catpipe.net> References: <20051228143817.GA6898@uk.tiscali.com> <20051228150404.GA49024@moof.catpipe.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Dec 2005 16:04:04 +0100, "Phil Regnauld" <regnauld@catpipe.net> said: > Yes, here using tunnel is indeed odd, it would make more sense > of using IPIP or just GRE in transport mode. I have often used GRE+IPsecTransport -- this allows routing protocols, link state (if you have GRE keepalives), etc, to function correctly, and I think it is easier to see what is going on than the "transparent" IPsec tunnel approach. Haven't done it with FreeBSD, though. --ckg -- Clark Gaylord Blacksburg, VA USA gaylord@dirtcheapemail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1135786845.21398.250667837>