Date:      Tue, 13 Aug 2002 09:13:00 -0700
From:      Lars Eggert <larse@ISI.EDU>
To:        Les Biffle <les@safety.net>
Cc:        hackers@freebsd.org
Subject:   Re: IP routing question
Message-ID:  <3D59300C.8090906@isi.edu>
References:  <200208131434.g7DEY1205125@ns3.safety.net>

Les Biffle wrote:
> 1.  Create "n" IPSEC VPN tunnels
> 2.  Create "n" VLAN pseudo interfaces
> 3.  Route IP Packets based on their arrival iface/tunnel out through
>     a corresponding tunnel/iface.
> 
> For example, I want to route all packets received through VPN tunnel "2"
> out through VLAN "2," and all packets received on VLAN "2" out through
> VPN "2," without regard to source or destination IP Addresses.
> 
> I don't want to examine the IP Addresses of any of the routed packets,
> but only want to make the routing decision based on arrival interface.
> 
> Does anyone have any ideas or suggestions?  Please?

IPsec tunnel mode won't work, since SAs aren't represented as Interfaces.

I'm not aware of any routing daemon that can use inbound interfaces as a 
parameter in its forwarding decision, otherwise using IPIP tunnels 
together with IPsec transport mode (draft-touch-ipsec-vpn-04.txt) might 
have worked with whatever daemon does that.

You could use the draft-touch-ipsec-vpn-04.txt together with ipfw rules, 
but then you say you don't want to look at IP addresses...

So no, I don't see how it can be done under your constraints.

Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute

