IPSEC documentation
Eric Masson
e-masson at kisoft-services.com
Wed Dec 28 07:26:53 PST 2005
Brian Candler <B.Candler at pobox.com> writes:
Hi,
> The IPSEC documentation at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html is
> pretty weird. It suggests that you encapsulate your packets in IP-IP (gif)
> encapsulation and THEN encapsulate that again using IPSEC tunnel mode.
Well transport mode is sufficient and imho logical in this setup, that's
right.
> ISTM that this chapter should be rewritten to use IPSEC tunnel mode solely.
> Do people here generally agree ?
No.
gif/gre tunnels and ipsec transport mode are quite convenient when
associated with dynamic routing protocols.
Adding a section about pure ipsec tunnels would be a better approach
(check handbook cvs history, iirc, ipsec tunnels were described in a
previous version)
Éric Masson
--
Je vous ferez remarquer chers câblés et très très chères câblées qu'un
simple message INNOCENT (j'insiste) a engendré près de 10 réponses !!!
-+- PC in <http://www.le-gnu.net> : Tous coupables, tous. -+-
More information about the freebsd-net
mailing list