Date: Wed, 10 Jun 2020 12:39:14 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: freebsd-net@freebsd.org Subject: Re: On Netgraph Message-ID: <cd9d3a52-d7fc-c5f5-b28a-534aea6c1821@grosbein.net> In-Reply-To: <20200609234859.GR4213@funkthat.com> References: <CAJ-iVrNn=9-Z5YHG4j=adnFiiTbDLED6ArYh8j9Zepn0k8=6KA@mail.gmail.com> <d5c2b323-66a6-d88e-91d5-f697aa4fdefe@grosbein.net> <d110a823-9db8-973d-0bcc-a248b804d752@freebsd.org> <CAJ-iVrMy3Ja_ppb56O0Ft8Gv8aeFPaqvkoaJo0jjNrwufqdeNg@mail.gmail.com> <20200609234859.GR4213@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
10.06.2020 6:48, John-Mark Gurney wrote: > Tom Marcoen wrote this message on Tue, Jun 09, 2020 at 12:53 +0200: >> That is what I had in mind. Though I was hoping I could put the encryption >> in NetGraph too so that I would not see that interface on my host where I >> do not need to see it. > > You wouldn't see any interface if you're encrypting and authenticating > a UDP tunnel with IPsec... the Security Association (SA) is transparent > and does not appear on the interface list of your host.. This is only partially true these days: https://www.freebsd.org/cgi/man.cgi?query=if_ipsec
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cd9d3a52-d7fc-c5f5-b28a-534aea6c1821>