Date: Tue, 30 Jul 2002 10:33:18 +0100
From: David Pick <d.m.pick@qmul.ac.uk>
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: Matthew Grooms <mgrooms@seton.org>, dlavigne6@cogeco.ca, freebsd-questions@FreeBSD.ORG, D.M.Pick@qmul.ac.uk
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
Message-ID: <E17ZTNW-0000Y3-00@xi.css.qmw.ac.uk>
In-Reply-To: Your message of "Tue, 30 Jul 2002 00:48:13 PDT." <20020730074813.GF89241@blossom.cjclark.org>

> I've never figured out why people use gif(4) interfaces when ESP does
> the tunneling for you.

Perhaps because with some packet-filter facilities you can't filter
both the outer packet headers (IPSEC headers) *and* the inner packet
headers (TCP, UDP, &c) if they appear to be associated with the same
interface; with a formal gif(4) tunnel you can filter the outer headers
on the physical interface and the inner headers on the gif(4) interface.

--
	David Pick