Date: Tue, 17 Apr 2001 15:06:53 +0100
From: David Pick <D.M.Pick@qmw.ac.uk>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Interaction between ipfw, IPSEC and natd
Message-ID: <E14pW85-0002Q2-00@xi.css.qmw.ac.uk>
In-Reply-To: Your message of "Mon, 16 Apr 2001 12:14:05 PDT." <200104161914.f3GJEMh06453@cwsys.cwsent.com>

> Just sort of thinking out loud here, would some kind of daemon (or
> other facility), that would attach itself to a tun(4) (or other)
> interface, like pipsecd does, but use the kernel's IPSec facility to
> encrypt and encapsulate the packets instead of its own, then inject
> them into the external interface be of use?

I think so - but I don't see why a daemon would be necessary. It
seems to me that the sort of mechanism used by the "gif" interfaces
would be appropriate. It *might* even be possible to extend the
"gif" interface to do the job. The difference being that instead of
encapsulating in an IP "tunnel" it would encapsulate in an IPSEC
"tunnel".

It probably would not be either appropriate or necessary to be able
to handle AH-only packets this way.

Of course, I may be talking through my hat; if so I'm sure someone
will tell me...

-- 
David Pick