Date: Wed, 2 Oct 2002 20:08:56 +0200
From: Guido van Rooij
To: Julian Elischer
Cc: freebsd-net@freebsd.org
Subject: Re: non-transparent IPsec via a tun interface?
Message-ID: <20021002180856.GA20868@gvr.gvr.org>
References: <20021001122130.GA14155@gvr.gvr.org>

On Tue, Oct 01, 2002 at 06:34:29AM -0700, Julian Elischer wrote:
> I have done similar to this using the GIF interface.
>
> Each tunnel between sites had a gif interface and I firewalled
> for only ESP packets to and from the correct machines on the external
> interface, and for correct packets for permitted protocols
> and ports on the unencrypted data on the gif interfaces.

Thanks. That worked. I already thought it should be possible with
a gif interface, yet I always get confused with tunnels.

-Guido
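
The layout described in the quoted reply above (one gif interface per tunnel, ESP only on the external interface, protocol and port filtering on the gif interface), as an added example that is not part of the original thread: a shell script that prints ipfw rules for two tunnels without running them. The choice of ipfw, the interface names, addresses, rule numbers, the ssh-only cleartext policy and the use of static keys (so no IKE rule) are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipfw rules for gif-per-tunnel
# IPsec site links. Every name, address and rule number is constructed.

EXT_IF="fxp0"          # assumed external interface
LOCAL_IP="192.0.2.1"   # assumed local tunnel endpoint (documentation range)

# tunnel_rules BASE GIF_IF PEER_IP LOCAL_NET REMOTE_NET
tunnel_rules() {
    base=$1; gif=$2; peer=$3; lnet=$4; rnet=$5

    # External interface: only ESP, and only between the two endpoints.
    echo "ipfw add $((base + 0)) allow esp from $peer to $LOCAL_IP in recv $EXT_IF"
    echo "ipfw add $((base + 10)) allow esp from $LOCAL_IP to $peer out xmit $EXT_IF"
    # Anything else the peer sends to this endpoint in the clear is dropped.
    echo "ipfw add $((base + 20)) deny ip from $peer to $LOCAL_IP in recv $EXT_IF"

    # gif interface: policy on the unencrypted inner packets.
    # Assumed policy: the remote site may reach ssh on the local net only.
    echo "ipfw add $((base + 30)) allow tcp from $rnet to $lnet 22 in recv $gif"
    echo "ipfw add $((base + 40)) allow tcp from $lnet 22 to $rnet out xmit $gif established"
    echo "ipfw add $((base + 50)) deny log ip from any to any via $gif"
}

# ESP from or to any host that is not a configured peer is dropped and logged.
final_rules() {
    echo "ipfw add 9000 deny log esp from any to any via $EXT_IF"
}

# Two constructed tunnels: gif0 to site B, gif1 to site C.
build_ruleset() {
    tunnel_rules 1000 gif0 198.51.100.2 10.1.0.0/24 10.2.0.0/24
    tunnel_rules 2000 gif1 203.0.113.7  10.1.0.0/24 10.3.0.0/24
    final_rules
}

build_ruleset
```

Review the printed rules before piping them to sh on the gateway. Whether decrypted traffic is seen again by the firewall on the external interface depends on the kernel's IPsec filtering behaviour, so confirm with the `ipfw show` counters that the gif rules are the ones matching.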