Date:      Sat, 6 Jun 2020 03:10:53 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Tom Marcoen <tom.marcoen@gmail.com>, freebsd-net@freebsd.org
Subject:   Re: On Netgraph
Message-ID:  <9f40bc70-edc7-0d0b-de5f-a4fffaddaba3@grosbein.net>
In-Reply-To: <CAJ-iVrNLtokv1abMWht=B1CZKxOC_Q=EvOh_hs%2BS3b%2Bd4F5RMA@mail.gmail.com>
References:  <CAJ-iVrNn=9-Z5YHG4j=adnFiiTbDLED6ArYh8j9Zepn0k8=6KA@mail.gmail.com> <CAJ-iVrNLtokv1abMWht=B1CZKxOC_Q=EvOh_hs%2BS3b%2Bd4F5RMA@mail.gmail.com>

06.06.2020 2:13, Tom Marcoen wrote:

> Hey Eugen,
> 
> For some reason I did not receive your email. But I found your reply in the
> archives.

Just look at your Gmail spam folder. Gmail's antispam policy is not quite adequate.

> Anyway, the goal is to have two computers, each with a Netgraph bridge node
> and jails connecting to these bridges. I want to connect both bridges over
> the Internet securely. Using a UDP tunnel and encrypting that with IPsec or
> wireguard or .... would be an option, but it would be nicer if I could use
> a Netgraph-native option.

Just create an ordinary gif(4) or gre(4) tunnel between your two hosts and encrypt it with IPSec,
that will be more secure and much easier at the same time. Or, if you don't like gif/gre,
maybe you would like to use if_ipsec(4) native encapsulation for IPSec.
These *are* native options for FreeBSD. No reason to use more complex NETGRAPH schemes.
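
A sketch of the gif(4)-plus-IPsec setup suggested in the message above, added here as an example (it is not part of the original e-mail and is not the poster's or the FreeBSD project's code). All addresses are constructed from documentation ranges, the `APPLY` switch and function names are hypothetical, and the security associations are assumed to be negotiated by an IKE daemon, so only the security policy is set here.

```shell
#!/bin/sh
# Added example: gif(4) tunnel whose outer packets are protected by ESP.
# Addresses are constructed (RFC 5737 ranges); keys/SAs are assumed to be
# provided by an IKE daemon, so this script installs policy only.

# Security policy for one host. With an IPv4 inner address the outer gif
# packets are IPv4-in-IPv4 ("ipencap"), so only tunnel traffic is matched.
# Level "require" fails closed: without an SA the packet is dropped
# instead of leaving the host in cleartext.
spd_policy() {  # usage: spd_policy LOCAL_PUBLIC REMOTE_PUBLIC
    cat <<EOF
spdadd $1/32 $2/32 ipencap -P out ipsec esp/transport//require;
spdadd $2/32 $1/32 ipencap -P in  ipsec esp/transport//require;
EOF
}

# Commands that create and address the tunnel on one host.
gif_commands() {  # usage: gif_commands LOCAL_PUBLIC REMOTE_PUBLIC LOCAL_INNER REMOTE_INNER
    cat <<EOF
ifconfig gif0 create
ifconfig gif0 tunnel $1 $2
ifconfig gif0 inet $3 $4 netmask 255.255.255.255
EOF
}

# With APPLY=1 (FreeBSD, as root) the plan is executed; otherwise it is
# only printed so it can be reviewed first.
setup_host() {
    if [ "${APPLY:-0}" = 1 ]; then
        gif_commands "$@" | sh -e
        spd_policy "$1" "$2" | setkey -c
    else
        gif_commands "$@"
        spd_policy "$1" "$2"
    fi
}

# Host A's view. Host B runs the same call with each address pair swapped,
# which mirrors the in/out policy directions.
setup_host 192.0.2.10 198.51.100.20 10.255.0.1 10.255.0.2
```

After both hosts are configured, `setkey -DP` lists the installed policies and `tcpdump` on the external interface should show only ESP between the two public addresses.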
