[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

options FAST_IPSEC & tunnels

Subject: options FAST_IPSEC & tunnels
From: larse at ISI.EDU (Lars Eggert)
Date: Tue Apr 1 14:22:53 2003

On 4/1/2003 11:03 AM, Sam Leffler wrote:
> 
> Long term, I intend is to associate packets with an enc device so
> there's a way to identify these packets when writing firewall rules.

Alternatively (and already working), you can replace IPsec tunnel mode 
with IPIP (gif) tunnels and transport mode, and then use the gif device 
in your firewall rules.

It doesn't give you the full expressiveness of IPsec selectors, but it's 
good enough for many VPN schemes (and routing works!)

(See 
ftp://ftp.rfc-editor.org/internet-drafts/draft-touch-ipsec-vpn-04.txt; I 
have the -05 update almost ready, which will then go to Informational.)

Lars
-- 
Lars Eggert <larse_(_at_)_isi_(_dot_)_edu>           USC Information Sciences Institute
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3529 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20030401/e52882ff/smime.bin

Follow-Ups:
- options FAST_IPSEC & tunnels
  - From: Sam Leffler
- options FAST_IPSEC & tunnels
  - From: Eric Masson

References:
- options FAST_IPSEC & tunnels
  - From: Eric Masson
- options FAST_IPSEC & tunnels
  - From: Sam Leffler

Prev by Date: options FAST_IPSEC & tunnels
Next by Date: options FAST_IPSEC & tunnels
Previous by thread: options FAST_IPSEC & tunnels
Next by thread: options FAST_IPSEC & tunnels
Index(es):
- Date
- Thread

Visit your host, monkey.org