Date: Mon, 05 Aug 2002 16:09:51 +0200 From: Eric Masson <e-masson@kisoft-services.com> To: cjclark@alum.mit.edu Cc: Matthew Grooms <mgrooms@seton.org>, dlavigne6@cogeco.ca, Mailing List FreeBSD Security <freebsd-security@FreeBSD.ORG> Subject: Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...] Message-ID: <86wur5o0r4.fsf@notbsdems.nantes.kisoft-services.com> In-Reply-To: <20020802172729.GA6880@blossom.cjclark.org> ("Crist J. Clark"'s message of "Fri, 2 Aug 2002 10:27:29 -0700") References: <sd455602.090@aus-gwia.aus.dcnhs.org> <20020730074813.GF89241@blossom.cjclark.org> <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com> <86k7n9qv08.fsf@notbsdems.nantes.kisoft-services.com> <20020802172729.GA6880@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Crist" == Crist J Clark <crist.clark@attbi.com> writes: Crist> It's pretty much automagically done by way of the SPD entry. Any Crist> packet that matches the source and destination in the SPD gets Crist> put through the appropriate tunnel with the specified end Crist> points. Ok, I do understand now. Crist> It's not the same as the regular routing table and will not show Crist> up in 'netstat -rn.' It would be nice to have netstat -r show these routes with a new flag (like T for example), tunnelled end address as destination, tunneled origin address as gateway, and interface bound to tunnel origin address as netif. Does this look interesting or is this plain dumb ? Eric Masson -- > dvips -o $@ $< Faut faire gffe de pas te couper avec ton truc, t'as mis des ciseaux ($<) partout :)) -+- Dom in Guide du linuxien pervers - "J'aime pas les Makefile !" -+- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86wur5o0r4.fsf>