From owner-freebsd-net@FreeBSD.ORG  Wed Dec 28 16:15:45 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DBEDC16A41F
	for <freebsd-net@freebsd.org>; Wed, 28 Dec 2005 16:15:45 +0000 (GMT)
	(envelope-from e-masson@kisoft-services.com)
Received: from mallaury.nerim.net (smtp-103-wednesday.noc.nerim.net
	[62.4.17.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3CB1543D55
	for <freebsd-net@freebsd.org>; Wed, 28 Dec 2005 16:15:45 +0000 (GMT)
	(envelope-from e-masson@kisoft-services.com)
Received: from srvbsdnanssv.interne.kisoft-services.com (kisoft.net1.nerim.net
	[62.212.107.51])
	by mallaury.nerim.net (Postfix) with ESMTP id 376DA4F3DB;
	Wed, 28 Dec 2005 17:15:34 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by srvbsdnanssv.interne.kisoft-services.com (Postfix) with ESMTP id
	9BA35C8B0; Wed, 28 Dec 2005 17:15:42 +0100 (CET)
Received: from srvbsdnanssv.interne.kisoft-services.com ([127.0.0.1])
	by localhost (srvbsdnanssv.interne.kisoft-services.com [127.0.0.1])
	(amavisd-new, port 10024)
	with ESMTP id 68863-03; Wed, 28 Dec 2005 17:15:39 +0100 (CET)
Received: by srvbsdnanssv.interne.kisoft-services.com (Postfix,
	from userid 1001) id B50EFC8BA; Wed, 28 Dec 2005 17:15:39 +0100 (CET)
To: Brian Candler <B.Candler@pobox.com>
From: Eric Masson <e-masson@kisoft-services.com>
In-Reply-To: <20051228155545.GA7166@uk.tiscali.com> (Brian Candler's message
	of "Wed, 28 Dec 2005 15:55:45 +0000")
References: <20051228143817.GA6898@uk.tiscali.com>
	<86lky5p7ik.fsf@srvbsdnanssv.interne.kisoft-services.com>
	<20051228155545.GA7166@uk.tiscali.com>
X-Operating-System: FreeBSD 5.4-RELEASE-p2 i386
Date: Wed, 28 Dec 2005 17:15:39 +0100
Message-ID: <86d5jhp590.fsf@srvbsdnanssv.interne.kisoft-services.com>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Jumbo Shrimp,
	berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: amavisd-new at interne.kisoft-services.com
Cc: freebsd-net@freebsd.org
Subject: Re: IPSEC documentation
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2005 16:15:46 -0000

Brian Candler <B.Candler@pobox.com> writes:

> OK, I'll buy gif + IPSEC transport mode as an option. [Although in that
> case, perhaps what you want is an external IPSEC tunnel mode implementation
> which attaches to a 'tun' device. That's yet another category which I hadn't
> even considered]

Any url describing this setup please ?

> I still think that gif + IPSEC tunnel mode (as currently documented) is not
> a good approach, especially if it's the *only* mode of operation to be
> documented and hence implicitly recommended as the 'right' way to do it.

Well, ipsec section of the handbook is probably not the best one, I'd
like to see it extended with the sections you talked about in this
thread. Maybe it's time to submit patches...

-- 
 >pourkoi faire ca c koi le but? je vois pas l interet c un forum libre
 >ou tt le monde px s exprimer c pas mtnt kil faut reagir c ds les posts
 Au secours, mon ROT-13 ne marche plus :-((((
 -+- PC in <http://www.le-gnu.net> : Neuneu decode à plein tube -+-