IPsec: is it possible to encrypt transit traffic in transport mode?
Eugene Grosbein
eugen at grosbein.net
Fri Nov 30 10:28:48 UTC 2018
30.11.2018 16:30, Lev Serebryakov wrote:
>> It is possible and it is the way I use extensively for long time since very old
>> FreeBSD versions having KAME IPSEC and it works with 11.2-STABLE, too.
> Eugeny, please note, that your example have SA and SPDs with same
> addresses. It works for me too. It doesn't work for me if SAs have addresses
> of routers and SPDs have addresses of routed networks. And if SPDs have
> routers' addresses, then routed traffic is not encrypted, only host-to-host
> (router-to-router) are.
Just add gif(4) to the picture.
More information about the freebsd-net
mailing list