Date:      Fri, 18 Aug 2006 11:59:39 +0200
From:      Remko Lodder <remko@FreeBSD.org>
To:        remko@FreeBSD.org
Cc:        net@FreeBSD.org
Subject:   Re: Routing IPSEC packets?
Message-ID:  <44E58F8B.5@FreeBSD.org>
In-Reply-To: <44E58E9E.1030401@FreeBSD.org>
References:  <44E58E9E.1030401@FreeBSD.org>

Remko Lodder wrote:
> Hi friends,
> 
> I was looking around for using IPsec services instead of
> OpenVPN services, but I found out that with our current
> implementation of IPsec, we cannot actually route packets
> through the various IPsec hops [1].  OpenBSD adds IPsec
> flows in their routing table, making it possible to route
> traffic between IPsec tunnels.
> 
> Can someone either confirm my above statement that FreeBSD
> is indeed not capable of doing this?
> 
> In the case that does not exist yet, are there others that
> also like this feature? And is there someone who can do
> the coding in that case? (I am not skilled enough to do
> this).
> 
> I hope to get some good feedback :-)
> 
> Please keep me CC'ed since I am not subscribed to the
> list.
> 
> Thanks a lot!
> Cheers,
> Remko
> 

Oh,

Of course I should do the [1] trick:

I want to do the following; I have three IPsec endpoints
at this moment, one at home, one in my personal colo environment
and one in another colo environment.

The machine(s) in the personal colo environment are the point
to which all the others connect.  So the other colo env
connects to the personal colo environment, and my home also
connects to the personal colo environment.

I would like to be able to:

Other colo -- ipsec tunnel -- personal colo -- ipsec -- home

Have these communications possible, and of course the other way
around.  In the event that another tunnel will be attaching,
I would like to be able to route these packets to the other
host as well (so that I can reach all the IPsec tunneled hosts
from the IPsec network, from wherever I will be, either
road-warrior, or just at home, or at one of the colo machines).

Sorry that I did not mention this in my previous email.

Cheers,
Remko

-- 
Kind regards,

      Remko Lodder               ** remko@elvandar.org
      FreeBSD                    ** remko@FreeBSD.org

      /* Quis custodiet ipsos custodes */


