Date:      Mon, 5 Aug 2002 14:51:42 -0400 (EDT)
From:      Trish Lynch <trish@bsdunix.net>
To:        Maciej Wiśniewski <mailman@crypton.pl>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: [Q] FreeBSD IPSec Discussion.
Message-ID:  <20020805144624.E482-100000@femme.sapphite.org>
In-Reply-To: <20020803072211.A13088@killer.crypton.pl>

On Sat, 3 Aug 2002, Maciej Wiśniewski wrote:

> Hello
>
> I have one question: why do you use a gif interface while ESP is doing all the job for you without any additional gif interfaces?

the short answer is "because it works"

the longer answer is that the person who set up prior tunnels on here did
it via gif interfaces, I find that it's nice to be able to physically see
where my tunnels are between in the output of "ifconfig" as well.

It also helped a lot when troubleshooting and visualizing the output of
setkey -DP and the logs from racoon.

> I have some network of gateways tunneling IP packets via IPSec and it's pretty stable too. And I don't use any gifs or other extra toys: just clean IPSec configuration.
> Maybe it's something about which I should know?
>
> Regards
>   Nomad
>

like I said, whatever works, between the ravlin, the esp is on the public
and then the private net addresses are "in the clear" within the
encapsulation. I know what interfaces are working, and can see the routes
through 'netstat -rn', the use of the gif interfaces enables me to
separate things a bit for my own visualization and troubleshooting
purposes.


Considering there's very little information on how to set these things up,
most people figure them out by trial and error.

I'm sorry I haven't gotten around to documenting, but I went on a trip to
WV this weekend for some relaxation :)

-Trish

--
Trish Lynch                             trish@bsdunix.net
FreeBSD                                 The Power to Serve
Ecartis Core Team                       trish@listmistress.org
                   http://www.freebsd.org


