Date: Fri, 18 Aug 2006 13:33:47 +0200 From: Phil Regnauld <regnauld@catpipe.net> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: Remko Lodder <remko@FreeBSD.org>, net@FreeBSD.org Subject: Re: Routing IPSEC packets? Message-ID: <20060818113347.GF29866@catpipe.net> In-Reply-To: <20060818111809.H46402@maildrop.int.zabbadoz.net> References: <44E58E9E.1030401@FreeBSD.org> <44E58F8B.5@FreeBSD.org> <20060818111809.H46402@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bjoern A. Zeeb (bzeeb-lists) writes: > > You do not "route" IPsec traffic. You define apropriate policies and > be done. You only need gif(4) if you really want to route and use a > link-state protocol. ... and want to do egress filtering, prioritization, and other things you can only really do for packets that travel in and out of an interface. The problem with the triangle home - pcolo - ocolo is that it doesn't scale. Hub-and-spoke is easier but then you need interfaces to route on.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060818113347.GF29866>