From owner-freebsd-security Wed Dec 8 1: 3: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97]) by hub.freebsd.org (Postfix) with ESMTP id 0644D14D8A for ; Wed, 8 Dec 1999 01:02:53 -0800 (PST) (envelope-from robinson@netrinsics.com) Received: from netrinsics.com (bt-209-166.bta.net.cn [202.106.209.166]) by public.bta.net.cn (8.9.3/8.9.3) with ESMTP id RAA10460 for ; Wed, 8 Dec 1999 17:04:26 +0800 (CST) Received: (from robinson@localhost) by netrinsics.com (8.9.3/8.8.7) id RAA04848; Wed, 8 Dec 1999 17:03:28 +0800 (CST) (envelope-from robinson) Date: Wed, 8 Dec 1999 17:03:28 +0800 (CST) From: Michael Robinson Message-Id: <199912080903.RAA04848@netrinsics.com> To: freebsd-security@freebsd.org, jomor@ahpcns.com Subject: Re: can IPFW & NAT co-exist with kame IPSEC? In-Reply-To: <384DBE98.D44DE01@ahpcns.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org jomor writes: >Does pipsecd require ppp or will it work with ethernet too? I want to use this >with an Ethernet connected DSL router. Pipsecd is pretty much a black box. It opens a tun device. Straight IP packets go in one end, and esp packets pop out the other. The esp packets then go through the normal routing process until they find the other end of the tunnel; the process is reversed, and the original IP packets pop out. So, yes it works with ethernet (as on my coloc server, for example), and probably any other IP interface you might come up with. -Michael Robinson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message