From owner-freebsd-net@FreeBSD.ORG Fri Aug 18 09:55:47 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C51A16A4DD for ; Fri, 18 Aug 2006 09:55:47 +0000 (UTC) (envelope-from remko@freebsd.org) Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 05D6243D45 for ; Fri, 18 Aug 2006 09:55:46 +0000 (GMT) (envelope-from remko@freebsd.org) Received: from localhost (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id 236C692FDD5 for ; Fri, 18 Aug 2006 11:55:43 +0200 (CEST) Received: from caelis.elvandar.org ([217.148.169.59]) by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new, port 10024) with ESMTP id 36065-07 for ; Fri, 18 Aug 2006 11:55:42 +0200 (CEST) Message-ID: <44E58E9E.1030401@FreeBSD.org> Date: Fri, 18 Aug 2006 11:55:42 +0200 From: Remko Lodder User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719) MIME-Version: 1.0 To: net@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by the elvandar.org maildomain Cc: Subject: Routing IPSEC packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: remko@FreeBSD.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Aug 2006 09:55:47 -0000 Hi friends, I was looking around for using IPsec services instead of OpenVPN services, but I found out that with our current implementation of IPsec, we cannot actually route packets through the various IPsec hops [1]. OpenBSD adds IPsec flows in their routing table, making it possible to route traffic between IPsec tunnels. Can someone either confirm my above statement that FreeBSD is indeed not capable of doing this? In the case that does not exist yet, are there others that also like this feature? And is there someone who can do the coding in that case? (I am not skilled enough to do this). I hope to get some good feedbacks :-) Please keep me CC'ed since I am not subscribed to the list. Thanks a lot! Cheers, Remko -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */