From owner-freebsd-net Fri Apr 5 0:36:38 2002 Delivered-To: freebsd-net@freebsd.org Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 98CA637B41A for ; Fri, 5 Apr 2002 00:36:34 -0800 (PST) Received: from localhost ([2001:240:10a:1000:260:1dff:fe21:f766]) by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g358Xkv41144; Fri, 5 Apr 2002 17:33:46 +0900 (JST) (envelope-from sakane@kame.net) To: sam@errno.com Cc: freebsd-net@FreeBSD.ORG Subject: Re: kame ipsec vs. openbsd ipsec In-Reply-To: Your message of "Fri, 05 Apr 2002 17:26:20 +0900" <20020405172620N.sakane@kame.net> References: <20020405172620N.sakane@kame.net> X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20020405173731D.sakane@kame.net> Date: Fri, 05 Apr 2002 17:37:31 +0900 From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 13 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > some people say that OpenBSD has advantage because: > 2. because SA is shown as a pseudo interface, > about 4, we don't like to create a pseudo interface of each SA, > in particular, when we use IPsec transport mode. each userland > process can use individual SA in KAME. this function is specified by > RFC2401. when we would choice to implement SA by a interface base, > how many interface we would need. i have heard that openbsd have a single interface, enc0 for only ESP flow. all of ESP packets are threw to this interface. is that right ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message