Date: Fri, 30 Nov 2018 17:28:29 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Lev Serebryakov <lev@FreeBSD.org>, freebsd-net@freebsd.org Subject: Re: IPsec: is it possible to encrypt transit traffic in transport mode? Message-ID: <9ae35c3c-7af8-e513-7c20-e2d62f2b7b3e@grosbein.net> In-Reply-To: <881323908.20181130123008@serebryakov.spb.ru> References: <1519156224.20181130021136@serebryakov.spb.ru> <eb98de09-fe85-a978-15ef-b5c19f964f4e@grosbein.net> <881323908.20181130123008@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
30.11.2018 16:30, Lev Serebryakov wrote: >> It is possible and it is the way I use extensively for long time since very old >> FreeBSD versions having KAME IPSEC and it works with 11.2-STABLE, too. > Eugeny, please note, that your example have SA and SPDs with same > addresses. It works for me too. It doesn't work for me if SAs have addresses > of routers and SPDs have addresses of routed networks. And if SPDs have > routers' addresses, then routed traffic is not encrypted, only host-to-host > (router-to-router) are. Just add gif(4) to the picture.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9ae35c3c-7af8-e513-7c20-e2d62f2b7b3e>