From owner-freebsd-isp@FreeBSD.ORG  Sat Nov 15 19:01:18 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 172A416A4CE; Sat, 15 Nov 2003 19:01:18 -0800 (PST)
Received: from arginine.spc.org (arginine.spc.org [195.206.69.236])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A468E43FD7; Sat, 15 Nov 2003 19:01:15 -0800 (PST)
	(envelope-from bms@spc.org)
Received: from localhost (localhost [127.0.0.1])
	by arginine.spc.org (Postfix) with ESMTP
	id EFAD3651F7; Sat, 15 Nov 2003 07:20:15 +0000 (GMT)
Received: from arginine.spc.org ([127.0.0.1])
 by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 06312-04-7; Sat, 15 Nov 2003 07:20:15 +0000 (GMT)
Received: from saboteur.dek.spc.org (unknown [82.147.19.91])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by arginine.spc.org (Postfix) with ESMTP
	id 01205651F1; Sat, 15 Nov 2003 07:20:14 +0000 (GMT)
Received: by saboteur.dek.spc.org (Postfix, from userid 1001)
	id 575815; Sat, 15 Nov 2003 07:20:10 +0000 (GMT)
Date: Sat, 15 Nov 2003 07:20:10 +0000
From: Bruce M Simpson <bms@spc.org>
To: "Oldach, Helge" <Helge.Oldach@atosorigin.com>
Message-ID: <20031115072010.GA72782@saboteur.dek.spc.org>
Mail-Followup-To: "Oldach, Helge" <Helge.Oldach@atosorigin.com>,
	"'cjclark@alum.mit.edu'" <cjclark@alum.mit.edu>,
	freebsd-isp@freebsd.org, freebsd-ipfw@freebsd.org, vgoupil@alis.com,
	freebsd-net@freebsd.org
References: <D2CFC58E0F8CB443B54BE72201E8916E94CA16@dehhx005.hbg.de.int.atosorigin.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <D2CFC58E0F8CB443B54BE72201E8916E94CA16@dehhx005.hbg.de.int.atosorigin.com>
cc: freebsd-isp@freebsd.org
cc: freebsd-ipfw@freebsd.org
cc: "'cjclark@alum.mit.edu'" <cjclark@alum.mit.edu>
cc: vgoupil@alis.com
cc: freebsd-net@freebsd.org
Subject: Re: IPSec VPN & NATD (problem with alias_address vs redirect_addr
	ess)
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Nov 2003 03:01:18 -0000

On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote:
> I do well understand that there is no general solution. However, FreeBSD
> is definitely behind what is available on the commercial market today. Call
> it "cheating" - but it's out there and it works. I would rather prefer to
> see
> a feature that doesn't solve a 100% case than to see nothing because we feel
> that a "general specification" is missing.

I'm in agreement here. The fact alone that hundreds of DSL providers are
blocking tunneling and VPN protocols should be enough. So far, though,
our provider passes ESP, so I'm not in a hurry to implement this myself.

BMS