From: David Pick
To: "Crist J. Clark"
Cc: Matthew Grooms, dlavigne6@cogeco.ca, freebsd-questions@FreeBSD.ORG, D.M.Pick@qmul.ac.uk
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
In-reply-to: Your message of "Tue, 30 Jul 2002 00:48:13 PDT." <20020730074813.GF89241@blossom.cjclark.org>
Date: Tue, 30 Jul 2002 10:33:18 +0100

> I've never figured out why people use gif(4) interfaces when ESP does
> the tunneling for you.

Perhaps because with some packet-filter facilities you can't filter
both the outer packet headers (IPSEC headers) *and* the inner packet
headers (TCP, UDP, &c) if they appear to be associated with the same
interface; with a formal gif(4) tunnel you can filter the outer headers
on the physical interface and the inner headers on the gif(4) interface.

--
David Pick
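
The split described in the message above, sketched as an ipfw rules file. This is an added example, not part of the original post. The interface names (fxp0, gif0), all addresses, the allowed services, and a default-deny final rule are assumptions made for illustration.

```conf
# Constructed example: fxp0, gif0 and every address below are assumptions.
#   local gateway 192.0.2.1      remote gateway 198.51.100.1
#   local LAN     10.1.0.0/16    remote LAN     10.2.0.0/16
# Load with: ipfw /etc/ipfw.rules
# Assumes the kernel's final rule is the default "deny ip from any to any".

# --- Outer headers: filtered on the physical interface -----------------
# Only IKE (racoon, UDP 500) and ESP between the two gateways.
add 1000 allow udp from 198.51.100.1 500 to 192.0.2.1 500 in recv fxp0
add 1010 allow udp from 192.0.2.1 500 to 198.51.100.1 500 out xmit fxp0
add 1020 allow esp from 198.51.100.1 to 192.0.2.1 in recv fxp0
add 1030 allow esp from 192.0.2.1 to 198.51.100.1 out xmit fxp0
# Whether the decrypted IP-in-IP packet is offered to the filter again
# on fxp0 depends on the system and kernel options; if it is, it needs
# its own rule here.

# --- Inner headers: filtered on the tunnel interface --------------------
# These rules see the decapsulated TCP/UDP/ICMP headers, so policy can be
# written per service rather than per gateway pair.
add 2000 check-state
# Remote LAN may open SSH to one local host only.
add 2010 allow tcp from 10.2.0.0/16 to 10.1.0.10 22 in recv gif0 setup keep-state
# Remote LAN may ping the local LAN.
add 2020 allow icmp from 10.2.0.0/16 to 10.1.0.0/16 icmptypes 8 in recv gif0 keep-state
# Local LAN may open TCP connections to the remote LAN.
add 2030 allow tcp from 10.1.0.0/16 to 10.2.0.0/16 out xmit gif0 setup keep-state
# Everything else crossing the tunnel is logged and dropped.
add 2900 deny log ip from any to any via gif0
```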