From owner-freebsd-net@FreeBSD.ORG  Wed Dec 17 06:02:13 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C52FA16A4CF
	for <freebsd-net@FreeBSD.org>; Wed, 17 Dec 2003 06:02:13 -0800 (PST)
Received: from math.teaser.net (math.teaser.net [213.91.2.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DB9CB43D4B
	for <freebsd-net@FreeBSD.org>; Wed, 17 Dec 2003 06:02:11 -0800 (PST)
	(envelope-from e-masson@kisoft-services.com)
Received: from t39bsdems.interne.kisoft-services.com
	(nantes.kisoft-services.com [193.56.60.243])
	by math.teaser.net (Postfix) with ESMTP
	id 25CE16C80F; Wed, 17 Dec 2003 15:02:10 +0100 (CET)
Received: by t39bsdems.interne.kisoft-services.com (Postfix, from userid 1001)
	id E124C5AB25; Wed, 17 Dec 2003 15:01:53 +0100 (CET)
To: Helge Oldach <helge.oldach@atosorigin.com>
From: Eric Masson <e-masson@kisoft-services.com>
In-Reply-To: <200312170832.JAA27711@galaxy.hbg.de.ao-srv.com> (Helge
 Oldach's message of "Wed, 17 Dec 2003 09:32:31 +0100 (MET)")
References: <200312170832.JAA27711@galaxy.hbg.de.ao-srv.com>
X-Operating-System: FreeBSD 4.9-STABLE i386
Date: Wed, 17 Dec 2003 15:01:53 +0100
Message-ID: <86vfofczla.fsf@t39bsdems.interne.kisoft-services.com>
User-Agent: Gnus/5.1003 (Gnus v5.10.3) XEmacs/21.4 (Portable Code,
 berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject: Re: gre tunnel & ipsec transport mode
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Dec 2003 14:02:13 -0000

>>>>> "Helge" == Helge Oldach <helge.oldach@atosorigin.com> writes:

Hello Helge,

 Helge> I think the problem is that you need multicasts to exchange
 Helge> routing updates through the tunnel. If I am not mistaken that is
 Helge> supported with gif interfaces as well. Maybe you could do away
 Helge> with gif?

I have a setup with gif tunnels atm, "it just works" (c) (r) (tm) ;)

 Helge> This is odd. Do you have a chance to test this against another
 Helge> IPSec box, e.g. a Cisco router configured with a GRE Tunnel
 Helge> interface?

Nope atm, the archives of this list show a similar case in June 2003
with no answer.

>From section 3.4 of the following document, encapsulating gre tunnels in
ipsec transport should "just work"
http://decoy.khaotic.net/~say/files/FreeBSD-WIN2K-IPSEC-HOWTO.html

Thanks for your help.

Eric Masson

-- 
 Tu as lu les docs. Tu es devenu un informaticien. Que tu le veuilles
 ou non. Lire la doc, c'est le Premier et Unique Commandement de
 l'informaticien.
 -+- TP in: Guide du Linuxien pervers - "L'évangile selon St Thomas"