From owner-freebsd-hackers Wed Feb 11 12:44:18 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id MAA15679
    for hackers-outgoing; Wed, 11 Feb 1998 12:44:18 -0800 (PST)
    (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from vdp01.vailsystems.com (root@vdp01.vailsystems.com [207.152.98.18])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15624
    for ; Wed, 11 Feb 1998 12:44:01 -0800 (PST)
    (envelope-from hal@vailsys.com)
Received: from crocodile.vale.com (crocodile.vale.com [192.168.128.47])
    by vdp01.vailsystems.com (8.8.3/8.7.3) with ESMTP id OAA10695;
    Wed, 11 Feb 1998 14:43:57 -0600 (CST)
Received: from jaguar.vail.vailsys.com (jaguar.vale.com [192.168.129.46])
    by crocodile.vale.com (8.8.3/8.7.3) with ESMTP id OAA11016;
    Wed, 11 Feb 1998 14:43:56 -0600 (CST)
Date: Wed, 11 Feb 1998 14:43:54 -0600 (CST)
Message-Id: <199802112043.OAA11016@crocodile.vale.com>
From: Hal Snyder
To: jra@colltech.com
CC: freebsd-hackers@FreeBSD.ORG
In-reply-to: <199802111737.LAA09605@psasolar.psa.pencom.com> (jra@colltech.com)
Subject: Re: IP tunnels ? once again probably
References: <199802111737.LAA09605@psasolar.psa.pencom.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> From: jra@colltech.com
> Date: Wed, 11 Feb 1998 11:37:15 -0600 (CST)
> Content-Type: text/plain; charset=US-ASCII
> Sender: owner-freebsd-hackers@FreeBSD.ORG
> X-Loop: FreeBSD.ORG
>
> > I thought SKIP could also do tunneling plus it has the added feature
> > of crypto... [Amancio]
>
> Has anyone modified the SKIP sources so that the LKM compiles under
> -current? I looked at it a while back, but it fell between the
> cracks.

I know this doesn't exactly answer the question, but wanted to mention
that we are using Jim Flowers' patch to run SKIP with FreeBSD
2.2.5-RELEASE. We tunnel three RFC-1918 nets over the Internet with
excellent results and plan to add more.

Note that with original SKIP, the source IP addresses of tunneled
packets for such an arrangement will be in RFC-1918 range. This feels
wrong. We program our firewall chokes to drop RFC-1918 coming or going.
John Capo provided a nifty patch to replace the source IP in tunneled
packets with the external IP address of the source gateway.

I've summarized this (crudely) at http://www.enteract.com/~hal/skip.html
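
The filtering problem described in the message above, as an added example that is not part of the original post and is not the patch it mentions: a header-level model of a choke rule that drops RFC 1918 addresses, applied to an outer IPv4 header carrying SKIP (IP protocol 57) before and after the source is replaced with the gateway's external address. The function names and the sample addresses (documentation ranges standing in for public IPs) are assumptions made for the illustration.

```python
import ipaddress
import struct

# RFC 1918 private ranges that the choke filter drops in either direction.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPPROTO_SKIP = 57  # IANA protocol number assigned to SKIP


def checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, payload_len: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      64, IPPROTO_SKIP, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def choke_allows(header: bytes) -> bool:
    """Choke rule: drop the packet if source or destination is RFC 1918."""
    src, dst = (ipaddress.ip_address(header[i:i + 4]) for i in (12, 16))
    return not any(addr in net for addr in (src, dst) for net in RFC1918)


def rewrite_source(header: bytes, gateway_ip: str) -> bytes:
    """Replace the outer source with the gateway's external IP, fix checksum."""
    hdr = (header[:10] + b"\x00\x00"
           + ipaddress.ip_address(gateway_ip).packed + header[16:20])
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


# Constructed sample: outer header as emitted with a private source address,
# then the same header after the source is set to the gateway's external IP.
original = build_header("10.1.2.3", "198.51.100.7")
patched = rewrite_source(original, "192.0.2.1")

if __name__ == "__main__":
    for name, hdr in (("original", original), ("patched", patched)):
        print(name, "passes choke" if choke_allows(hdr) else "dropped by choke")
```
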