From: jhall@socket.net
To: freebsd-net@freebsd.org
Date: Sun, 22 May 2011 09:31:06 -0500
Subject: RE: IPSec Routing

>If you were using tunnel mode, the encrypted packet would change its
>source and destination IP's, specifying your gateway as the source, and
>your vendor's gateway as the destination, so intervening routers would
>have no difficulty delivering the packet, or routing reply packets back
>to you.

This may be where my misunderstanding is coming from. Our vendor has not specified an internal IP address for the other end of the tunnel. They have given me an address to ping once the connection is up and running though. Is it possible to use tunneling mode without an internal IP address on the other gateway? My understanding of the protocol is that this is not possible.

Thank you for your help.

Jay