Date: Wed, 11 Feb 1998 14:43:54 -0600 (CST) From: Hal Snyder <hal@vailsys.com> To: jra@colltech.com Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: IP tunnels ? once again probably Message-ID: <199802112043.OAA11016@crocodile.vale.com> In-Reply-To: <199802111737.LAA09605@psasolar.psa.pencom.com> (jra@colltech.com) References: <199802111737.LAA09605@psasolar.psa.pencom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: jra@colltech.com > Date: Wed, 11 Feb 1998 11:37:15 -0600 (CST) > Content-Type: text/plain; charset=US-ASCII > Sender: owner-freebsd-hackers@FreeBSD.ORG > X-Loop: FreeBSD.ORG > > > I thought SKIP could also do tunneling plus it has the added feature > > of crypto... [Amancio] > > Has anyone modified the SKIP sources so that the LKM compiles under > -current? I looked at it a while back, but it fell between the > cracks. I know this doesn't exactly answer the question, but wanted to mention that we are using Jim Flowers' patch to run SKIP with FreeBSD 2.2.5-RELEASE. We tunnel three RFC-1918 nets over the Internet with excellent results and plan to add more. Note that with original SKIP, the source IP addresses of tunneled packets for such an arrangement will be in RFC-1918 range. This feels wrong. We program our firewall chokes to drop RFC-1918 coming or going. John Capo provided a nifty patch to replace the source IP in tunneled packets with the external IP address of the source gateway. I've summarized this (crudely) at http://www.enteract.com/~hal/skip.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802112043.OAA11016>