options FAST_IPSEC & tunnels
Lars Eggert
larse at ISI.EDU
Tue Apr 1 14:22:50 PST 2003
On 4/1/2003 11:03 AM, Sam Leffler wrote:
>
> Long term, I intend is to associate packets with an enc device so
> there's a way to identify these packets when writing firewall rules.
Alternatively (and already working), you can replace IPsec tunnel mode
with IPIP (gif) tunnels and transport mode, and then use the gif device
in your firewall rules.
It doesn't give you the full expressiveness of IPsec selectors, but it's
good enough for many VPN schemes (and routing works!)
(See
ftp://ftp.rfc-editor.org/internet-drafts/draft-touch-ipsec-vpn-04.txt; I
have the -05 update almost ready, which will then go to Informational.)
Lars
--
Lars Eggert <larse at isi.edu> USC Information Sciences Institute
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3529 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20030401/e52882ff/smime.bin
More information about the freebsd-net
mailing list