FreeBSD Mail Archives

Date:      Tue, 13 Aug 2002 13:16:37 -0700
From:      Lars Eggert <larse@ISI.EDU>
To:        Julian Elischer <julian@elischer.org>
Cc:        Les Biffle <les@safety.net>, hackers@freebsd.org
Subject:   Re: IP routing question
Message-ID:  <3D596925.60906@isi.edu>
References:  <Pine.BSF.4.21.0208131245330.17577-100000@InterJet.elischer.org>


[-- Attachment #1 --]
Julian Elischer wrote:
> On Tue, 13 Aug 2002, Les Biffle wrote:
>>I want to do the following:
>>
>>1.  Create "n" IPSEC VPN tunnels
>>2.  Create "n" VLAN pseudo interfaces
>>3.  Route IP Packets based on their arrival iface/tunnel out through
>>    a corresponding tunnel/iface.
>>
>>For example, I want to route all packets received through VPN tunnel "2"
>>out through VLAN "2," and all packets received on VLAN "2" out through
>>VPN "2," without regard to source or destination IP Addresses.
> 
> incoming packets should be selectabl in ipfw by using the 
> clause 
> "in recv gif0" 

Minor point: IPsec tunnel mode tunnels aren't gif tunnels - he'd need to 
use IPIP tunnels + IPsec transport mode in that case (see 
draft-touch-ipsec-vpn04.txt), which I recommend anyway, of course :-)

I hadn't thought of using the ipfw "in" selector, good idea!

Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute

[-- Attachment #2 --]
0�	*�H��
��0�10	+0�	*�H��
���0��0���G0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0��0
	*�H��
��0���������|\Pw��� �v����~��~�F�Do�o�ӦA��\-��	� ���Cˀ�4�.��)&��{�肋���,z�(ܷر��߈��T7�_'t�xGH^tt/ҹB8��%�t<#�ֲN��V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
����a�JP���M�Ւ�]cѭC+��kS��+wZ�1���gY"�,Y���T�41�
�j����6:~�℩��D���������~�Kؚ�l���=�u(Վ��M?cF��7@����}��T��0��0���G0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0U*Lars10ULars Eggert10	*�H��
	
larse@isi.edu0��0
	*�H��
��0���������|\Pw��� �v����~��~�F�Do�o�ӦA��\-��	� ���Cˀ�4�.��)&��{�肋���,z�(ܷر��߈��T7�_'t�xGH^tt/ҹB8��%�t<#�ֲN��V0T0*+e!000L2uMyffBNUbNJJcdZ2s0U0�
larse@isi.edu0U�00
	*�H��
����a�JP���M�Ւ�]cѭC+��kS��+wZ�1���gY"�,Y���T�41�
�j����6:~�℩��D���������~�Kؚ�l���=�u(Վ��M?cF��7@����}��T��0�80���fEr��t��cvE��.�0
	*�H��
0��10	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*�H��
	personal-freemail@thawte.com0
000830000000Z
040827235959Z0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300��0
	*�H��
��0�����32�c�	%E>�nx'g��ڈ���D)�c5*mp<�ܮ��to0�3��4q��m���O�e�
�K���a����U�5��u�'��r���װ�����|CBPQ��<�9��T������If-	��k�i�N0L0)U"0 �010UPrivateLabel1-2970U�0�0U0
	*�H��
��1�KG]�q��Sl]y�=��&b�"��"��I�'{9����$����
*8�PU�l�
�L����G�l�X�1B	l�i�+�@]j�y��.%݊���
��Z��<�D�&i�H�Υ����bb��1��0��0��0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30�G0	+��a0	*�H��
	1	*�H��
0	*�H��
	1
020813201637Z0#	*�H��
	1��ƪZɃo�+��j�����0R	*�H��
	1E0C0
*�H��
0*�H��
�0
*�H��
@0+0
*�H��
(0��*�H��
	1�����0��10	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30�G0
	*�H��
���c��*���F��N
��usx��6'��>a�z:����r�{?*'��Ӝ�f>���5��;C�>�k��?,��1��۲9V*�����������@m�9f=�i:c�0X7_�Z�ʡfR�Z��'��

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D596925.60906>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation