if_ipsec
Eugene M. Zheganin
emz at norma.perm.ru
Thu Jun 14 07:34:05 UTC 2012
Hi,
On 09.06.2012 23:07, Jeremie Le Hen wrote:
> What is usually done for convenience is to create a gif(4) or gre(4)
> tunnel to another network, which is then encrypted using IPSec
> transport mode. The inner IP/GRE header is considered as the payload
> and it is encrypted. The benefit of this approach is that you "see"
> your tunnel, it looks more natural from a system point of view. I
> haven't used IPSec in tunnel mode for more than a decade, so I don't
> remember how it is manageable. But with the IPSec transport mode +
> gif/gre tunnel, you see a full-fledged interface toward the other
> network, through which you can route your traffic.
Yeah, but nowadays this is sort of a legacy thing.
Modern router OSes, like IOS or JunOS, operate the ipsec interfaces, and
these interfaces are visible in the system and are fully operational in
the context of the dynamic routing, and I mean here sending/receiving
packets from/to these interfaces. I just wanted FreeBSD to have such a
capability.
Thank you for an explanation though. Seems like you read only the first
few lines of my post. I am fully capable... whatever. Seems like I've
already said this in my initial message.
Eugene.
More information about the freebsd-net mailing list