From owner-freebsd-security Mon Nov 12 19:33:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from warez.scriptkiddie.org (uswest-dsl-142-38.cortland.com [209.162.142.38]) by hub.freebsd.org (Postfix) with ESMTP id B22F537B405 for ; Mon, 12 Nov 2001 19:33:23 -0800 (PST) Received: from [192.168.69.11] (unknown [192.168.69.11]) by warez.scriptkiddie.org (Postfix) with ESMTP id 5036262D01; Mon, 12 Nov 2001 19:33:23 -0800 (PST) Date: Mon, 12 Nov 2001 19:33:25 -0800 (PST) From: Lamont Granquist To: =?iso-8859-1?Q?R=E9mi_Guyomarch?= Cc: FreeBSD Security List Subject: Re: Bump-in-the-Road IPsec? In-Reply-To: <20011113033151.A56326@diabolo.ifn.fr> Message-ID: <20011112193144.N1819-100000@coredump.scriptkiddie.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 13 Nov 2001, [iso-8859-1] R=E9mi Guyomarch wrote: > On Tue, Nov 13, 2001 at 03:14:38AM +0100, R=E9mi Guyomarch wrote: > ... > > On OpenBSD, use the gif device, along with IPSec in transport mode > > and the same bridge setup as described below. > > Damn! I just realised that gif(4) only handles IP frames :-( > Still a transparent bridge, but only suitable for IP... > [same thing with gre(4)] only suitable for IP is fine by me. the thing is that i really want these to be two completely seperate networks with real ip #s. the stuff i've found on the net so far suggests using gif to bridge between two remote networks that share the same private ip space. > So far, for full ethernet-over-ip the only solution I see is vtun with > a tap(4) device. Maybe someone there will feel creative with netgraph ? ;= ) i'll have to check out vtun+tap... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message