Date:      Tue, 01 May 2001 14:07:58 -0700
From:      Lars Eggert <larse@ISI.EDU>
To:        Gunther Schadow <gunther@aurora.regenstrief.org>
Cc:        snap-users@kame.net, freebsd-net@freebsd.org, ipfilter@coombs.anu.edu.au, altq@csl.sony.co.jp
Subject:   Re: The future of ALTQ, IPsec & IPFILTER playing together ...
Message-ID:  <3AEF25AE.56CF384A@isi.edu>
References:  <3AEEEE79.8F7CC7B0@aurora.regenstrief.org> <3AEEF26B.C6850070@isi.edu> <3AEEF59D.3D5622DE@aurora.regenstrief.org> <3AEEFA06.BA0EB9FD@isi.edu> <3AEF0452.C2FD2651@aurora.regenstrief.org> <3AEF09BF.9F9A7BAB@isi.edu> <3AEF2007.5968E10D@aurora.regenstrief.org>


Gunther Schadow wrote:
> Lars, what was your rationale for inventing the ip-tun package?

We wrote it a few years back for FreeBSD-3.X, to support X-Bone when no
KAME was installed (3.X did not have KAME code merged yet.) I hear there
are issues with it under 4.X due to a changed device model, but I think
we'll have a student port it over the summer. Then again, nos-tun(8)
supports IP-in-IP now, so maybe ip-tun is obsolete.

> Did you have good or bad experience with any of those alternatives?

Vtun uses UDP encapsulation, which means it's an application level thing
(like ssh tunnels). One of the major design objectives of X-Bone was to
use off-the-shelf, standardized OS mechanisms, so it didn't qualify.
We're trying to provide a pure IP overlay - ideally, you shouldn't be
able to tell an overlay network from a real network (e.g. ping,
traceroute, DNS, RIP, etc. all "just works"). Application-level tunnels
(and layer-2 tunnels) can't support this. (I also personally don't
think UDP encapsulation has any purpose other than tunneling through
NATs, which are a bad hack and should die.) 

GRE encapsulation has functionality not needed for our purposes and adds
an extra header, so we decided against it.

I have no experience with pipsecd.

Lars
-- 
Lars Eggert <larse@isi.edu>               Information Sciences Institute
http://www.isi.edu/larse/              University of Southern California
