To: Cy Schubert - ITSD Open Systems Group
Cc: Dominick LaTrappe, freebsd-net@freebsd.org, Gerhard Sittig
In-reply-to: Cy.Schubert's message of Thu, 30 Nov 2000 07:00:09 PST. <200011301500.eAUF0Ol40955@cwsys.cwsent.com>
Subject: Re: filtering ipsec traffic (fwd)
From: itojun@iijlab.net
Date: Fri, 01 Dec 2000 00:31:12 +0900
Message-ID: <26650.975598272@coconut.itojun.org>

>Could we just borrow something from the pipsecd model? Pipsecd uses
>a tun device to present itself to the system. A network that is associated
>via a pipsecd IPSec tunnel is defined in the routing table to route
>packets through the tun interface. Once packets enter the tun
>interface pipsecd encapsulates them and spits them out through the
>external interface. Packets coming back in go in reverse order. E.g.,

	From an IPv6 point of view (yes, I'm IPv6 centric!) we cannot add an
	extra interface like tun0. IPv6 has scoped addresses, and if we add an
	extra interface in the IP stack we will change the address semantics.

itojun