Date: Mon, 10 Sep 2001 11:47:57 -0700 From: Lars Eggert <larse@ISI.EDU> To: Matthew Emmerton <matt@gsicomp.on.ca> Cc: Brian Somers <brian@freebsd-services.com>, JINMEI Tatuya / =?ISO-8859-1?Q?=3F=3F=3F=3F?= <jinmei@isl.rdc.toshiba.co.jp>, freebsd-net@FreeBSD.ORG Subject: Re: Forward: Re: ping gif0 Message-ID: <3B9D0ADD.2050009@isi.edu> References: <Pine.BSF.4.21.0109101249310.35071-100000@xena.gsicomp.on.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Emmerton wrote: > I have this: > > spdadd 10.0.2.0/26 10.0.2.128/28 any -P in ipsec > esp/tunnel/209.167.75.124-209.167.75.123/require; > spdadd 10.0.2.128/28 10.0.2.0/26 any -P out ipsec > esp/tunnel/209.167.75.123-209.167.75.124/require; > > Although now I'm slightly confused since I had switched from 'tunnel' to > 'transport' after someone pointed out that since gif is a tunnel, I don't > have to rely on IPSec's 'tunnel' mode do do the encapsulation. You're using transport mode SAs (over an IP tunnel, but still not "IPsec tunnel mode"), so this should be "transport" not "tunnel". Lars -- Lars Eggert <larse@isi.edu> Information Sciences Institute http://www.isi.edu/larse/ University of Southern California To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B9D0ADD.2050009>