From: "local.freebsd.stable"
To: "'freebsd-stable@freebsd.org'"
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? SOLUTION AND QUESTIONS
Date: Fri, 22 Nov 2002 15:02:34 -0000

On Thu, 21 Nov 2002 08:37:41 -0000, freebsd-stable-21nov02@oldach.net (Helge Oldach) wrote:

>Essentially because you don't need to use a gif interface at all if
>you implement ESP tunnel mode. The only purpose for gif is to get the
>routing straight, which is: You have a route to the remote inside
>network via the gif interface, and you have a "public" route via the
>real interface.
>
>You can as well implement this by placing the internal route to an IP
>address which has a static ARP entry with the MAC address of the public
>default gateway. Been there, it works.

Could you elucidate? I've seen people say something like this before
but never been able to work out what to do to configure it. I am using
a gif interface for precisely the purpose you state, and it would be
good to know how to do it without it.

jim