Date: Fri, 01 Dec 2000 00:31:12 +0900 From: itojun@iijlab.net To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Dominick LaTrappe <seraf@2600.COM>, freebsd-net@freebsd.org, Gerhard Sittig <Gerhard.Sittig@gmx.net> Subject: Re: filtering ipsec traffic (fwd) Message-ID: <26650.975598272@coconut.itojun.org> In-Reply-To: Cy.Schubert's message of Thu, 30 Nov 2000 07:00:09 PST. <200011301500.eAUF0Ol40955@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Could we just borrow a something from the pipsecd model? Pipsecd uses >a tun device to present itself to system. A network that is associated >via a pipsecd IPSec tunnel is defined in the routing table to route >packets through the tun interface. Once packets enter the tun >interface pipsecd encapsulates them and spits them out through the >external interface. Packets coming back in go in reverse order. E.g., from IPv6 point of view (yes, I'm IPv6 centric!) we cannot add extra interface like tun0. IPv6 has scoped address, and if we add extra interface in IP stack we will change the address semantics. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26650.975598272>