Date: Mon, 7 Jan 2002 11:03:51 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipsec setup question Message-ID: <20020107110351.A28802@Odin.AC.HMC.Edu> In-Reply-To: <20020107105827.A28192@Odin.AC.HMC.Edu>; from brooks@one-eyed-alien.net on Mon, Jan 07, 2002 at 10:58:27AM -0800 References: <Pine.GSO.4.33.0201071348210.16221-100000@gradient.cis.upenn.edu> <20020107105827.A28192@Odin.AC.HMC.Edu>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Mon, Jan 07, 2002 at 10:58:27AM -0800, Brooks Davis wrote: > > Also I would like to nest tunnels and by that I mean > > > > say have an end to end tunnel with ESP but have each intermediate router > > (there are two of them) check AH headers on the packet. Anyone see any > > problems with this. > > No clue. Actually nesting gif tunnels requires that you define > XBONEHACK when building your kernel. Oops that's incorrect. The variable you must define is MAX_GIF_NEST, XBONEHACK allows parallel tunnels. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8OfEWXY6L6fI4GtQRAnflAJ4m8il+KSJcEURGJalimLtrf35rdwCgnTaC DTRQUP54kVZs6k7ujscyNnc= =JSw/ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020107110351.A28802>