From owner-freebsd-net Mon Sep 10 11:48:29 2001 Delivered-To: freebsd-net@freebsd.org Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by hub.freebsd.org (Postfix) with ESMTP id D9CFC37B405 for ; Mon, 10 Sep 2001 11:48:23 -0700 (PDT) Received: from isi.edu (hbo.isi.edu [128.9.160.75]) by boreas.isi.edu (8.11.6/8.11.2) with ESMTP id f8AIlvQ27738; Mon, 10 Sep 2001 11:47:57 -0700 (PDT) Message-ID: <3B9D0ADD.2050009@isi.edu> Date: Mon, 10 Sep 2001 11:47:57 -0700 From: Lars Eggert User-Agent: Mozilla/5.0 (X11; U; FreeBSD 4.2-RELEASE i386; en-US; rv:0.9) Gecko/20010529 X-Accept-Language: en, de MIME-Version: 1.0 To: Matthew Emmerton Cc: Brian Somers , JINMEI Tatuya / =?ISO-8859-1?Q?=3F=3F=3F=3F?= , freebsd-net@FreeBSD.ORG Subject: Re: Forward: Re: ping gif0 References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Matthew Emmerton wrote: > I have this: > > spdadd 10.0.2.0/26 10.0.2.128/28 any -P in ipsec > esp/tunnel/209.167.75.124-209.167.75.123/require; > spdadd 10.0.2.128/28 10.0.2.0/26 any -P out ipsec > esp/tunnel/209.167.75.123-209.167.75.124/require; > > Although now I'm slightly confused since I had switched from 'tunnel' to > 'transport' after someone pointed out that since gif is a tunnel, I don't > have to rely on IPSec's 'tunnel' mode do do the encapsulation. You're using transport mode SAs (over an IP tunnel, but still not "IPsec tunnel mode"), so this should be "transport" not "tunnel". Lars -- Lars Eggert Information Sciences Institute http://www.isi.edu/larse/ University of Southern California To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message