Date: Fri, 9 Nov 2001 10:15:16 +0300 From: "Oles' Hnatkevych" <gnut@fc.kiev.ua> To: freebsd-net@freebsd.org Subject: ipsec: tunneling with compression Message-ID: <1154549961.20011109101516@fc.kiev.ua>
next in thread | raw e-mail | index | archive | help
Hello freebsd-net,
Having read mans and papers and web still can not figure
out HOW can I setup IPSEC tunneling WITH compression
so far all I do is manual SA setup
that looks like
add 192.168.1.128 192.168.1.129 esp 10010 -E 3des-cbc "101010101010101010101010";
add 192.168.1.129 192.168.1.128 esp 10011 -E 3des-cbc "010101010101010101010101";
add 192.168.1.128 192.168.1.129 ipcomp 10005 -C deflate;
add 192.168.1.129 192.168.1.128 ipcomp 10006 -C deflate;
and SP looks like (1.128-1.129 is a gif0 tunnel)
spdadd 192.168.5.22 192.168.100.17 any -P out ipsec
ipcomp/transport//require
esp/tunnel/192.168.1.128-192.168.1.129/require;
spdadd 192.168.100.17 192.168.5.22 any -P in ipsec
ipcomp/transport//require
esp/tunnel/192.168.1.129-192.168.1.128/require;
so the questions is:
1. Is it possible in FreeBSD to do tunneling with ESP and IPCOMP?
2. should I use ipcomp/transport//require or ipcomp/tunnel/..../require?
3. what __request__ order should be used - and does it matter at all?
4. if I use ESP, why may I want to use it with AH?
With best wishes, Oles' Hnatkevych, http://gnut.kiev.ua, gnut@fc.kiev.ua
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1154549961.20011109101516>