Date: Mon, 27 Sep 2004 11:39:40 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Brian Somers <brian@Awfulhak.org>
Cc: freebsd-net@freebsd.org
Subject: Re: gif(4) & ipsec [was: ICMP_UNREACH_NEEDFRAG broken in -current]
Message-ID: <Pine.BSF.4.53.0409271130140.11069@e0-0.zab2.int.zabbadoz.net>
In-Reply-To: <20040927122255.71d60282@dev.lan.Awfulhak.org>
References: <20040927113624.4a342952@dev.lan.Awfulhak.org> <Pine.BSF.4.53.0409271058030.11069@e0-0.zab2.int.zabbadoz.net> <20040927122255.71d60282@dev.lan.Awfulhak.org>

On Mon, 27 Sep 2004, Brian Somers wrote:

> On Mon, 27 Sep 2004 10:59:54 +0000 (UTC), "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> wrote:
> > On Mon, 27 Sep 2004, Brian Somers wrote:
> >
> > > The outside network segment is an IPSEC configuration with gif interfaces
> > ...
> > > Comments/suggestions/flames?
> >
> > most likely unrelated but I need input on this so ...
> > why do you need gif(4) ?
>
> With an ipsec-only solution, talking from a gateway box to an internal
> host on the ``other'' network doesn't work nicely....

ok.

> especially if the internal host on the other network doesn't have a
> route for it.

considering the usage of a vpn-gw/router most services needed like
ssh, ping and possibly telnet can be given a source address on command
line to use the internal IP.

anyway it's complicating things, you are right.

thanks for the detailed explanation.

-- 
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT