options FAST_IPSEC & tunnels
- Subject: options FAST_IPSEC & tunnels
- From: sam at errno.com (Sam Leffler)
- Date: Tue Apr 1 14:32:42 2003
> On 4/1/2003 11:03 AM, Sam Leffler wrote:
> > Long term, I intend to associate packets with an enc device so
> > there's a way to identify these packets when writing firewall rules.
>
> Alternatively (and already working), you can replace IPsec tunnel mode
> with IPIP (gif) tunnels and transport mode, and then use the gif device
> in your firewall rules.
>
> It doesn't give you the full expressiveness of IPsec selectors, but it's
> good enough for many VPN schemes (and routing works!)

Yes, but for folks that want to use fast ipsec as a plug-compatible
replacement for KAME, having an equivalent facility is important.

I'm actually more interested in the ability to monitor traffic post-IPSEC
processing (e.g. with tcpdump). But as I said privately to another person,
I haven't decided exactly how to deal with this issue yet. I watched all
the discussion on this and other mailing lists and when I have time I'll
deal with it. Someone with time now is free to work on it...