From owner-freebsd-stable  Tue Nov 26  2:32: 2 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A850137B401
	for <FreeBSD-stable@FreeBSD.ORG>; Tue, 26 Nov 2002 02:32:01 -0800 (PST)
Received: from guinness.syncrontech.com (guinness.syncrontech.com [62.71.8.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 38D6243E4A
	for <FreeBSD-stable@FreeBSD.ORG>; Tue, 26 Nov 2002 02:32:00 -0800 (PST)
	(envelope-from ari.suutari@syncrontech.com)
Received: from linux (coffee.syncrontech.com [62.71.8.37])
	by guinness.syncrontech.com (8.12.6/8.12.6) with ESMTP id gAQAVs65047919;
	Tue, 26 Nov 2002 12:31:54 +0200 (EET)
	(envelope-from ari.suutari@syncrontech.com)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Ari Suutari <ari.suutari@syncrontech.com>
Organization: Syncron Tech Oy
To: Eric Masson <e-masson@kisoft-services.com>
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw?
Date: Tue, 26 Nov 2002 12:37:41 +0200
User-Agent: KMail/1.4.3
Cc: greg.panula@dolaninformation.com,
	David Kelly <dkelly@HiWAAY.net>, FreeBSD-stable@FreeBSD.ORG
References: <200211142157.57459.dkelly@HiWAAY.net> <200211260837.02019.ari.suutari@syncrontech.com> <86n0nwr6jz.fsf@notbsdems.nantes.kisoft-services.com>
In-Reply-To: <86n0nwr6jz.fsf@notbsdems.nantes.kisoft-services.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Message-Id: <200211261237.41947.ari.suutari@syncrontech.com>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Hi,

On Tuesday 26 November 2002 12:04, Eric Masson wrote:
> of explicit routing tables), but what about an esp interface (or
> whatever name) on which detunneled packets would pass.


=09Would be better for my purposes than gif. Hopefully
=09someone implements something like this. Another approach
=09could be to add new keyword to ipfw which would match
=09only packets that came from tunnel, this would be easy
=09to add for at least IPFW2 (I mean ipfw engine-wise, don't
=09know how easy it would be to tag packets as coming
=09from tunnel)


=09=09Ari S.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message