From: "Bjoern A. Zeeb"
Date: Mon, 27 Sep 2004 11:39:40 +0000 (UTC)
To: Brian Somers
Cc: freebsd-net@freebsd.org
Subject: Re: gif(4) & ipsec [was: ICMP_UNREACH_NEEDFRAG broken in -current]

On Mon, 27 Sep 2004, Brian Somers wrote:

> On Mon, 27 Sep 2004 10:59:54 +0000 (UTC), "Bjoern A. Zeeb" wrote:
> > On Mon, 27 Sep 2004, Brian Somers wrote:
> >
> > > The outside network segment is an IPSEC configuration with gif interfaces
> > ...
> > > Comments/suggestions/flames?
> >
> > most likely unrelated but I need input on this so ...
> > why do you need gif(4) ?
>
> With an ipsec-only solution, talking from a gateway box to an internal
> host on the ``other'' network doesn't work nicely....

ok.

> especially if the internal host on the other network doesn't have a
> route for it.

considering the usage of a vpn-gw/router most services needed like
ssh, ping and possibly telnet can be given a source address on command
line to use the internal IP.

anyway it's complicating things, you are right.

thanks for the detailed explanation.

--
Bjoern A. Zeeb    bzeeb at Zabbadoz dot NeT