IPSec VPNs: to gif or not to gif
Jim Hatfield
subscriber at insignia.com
Fri Oct 24 04:40:15 PDT 2003
On Thu, 23 Oct 2003 12:23:03 +0100, in local.freebsd.security you
wrote:
>The issue was put to bed.
>Reference:
>http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_input.c?rev=1.2
>14&content-type=text/x-cvsweb-markup
>http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_input.c?rev=1.1
>30.2.48&content-type=text/x-cvsweb-markup
>http://docs.freebsd.org/cgi/getmsg.cgi?fetch=132950+0+/usr/local/www/db/
>text/2001/freebsd-security/20010325.freebsd-security
>
>Current behavior is encrypted packet is handled by ipfw once, then after
>
>decryption it is only handled by ipfw(again) if it passes thru an
>interface didn't arrive on.
Many thanks, that's very helpful.
Jim
More information about the freebsd-security
mailing list