Date: Fri, 03 Jan 2003 07:41:48 -0800 From: Lars Eggert <larse@ISI.EDU> To: Pekka Nikander <pekka.nikander@nomadiclab.com> Cc: Eric Masson <e-masson@kisoft-services.com>, freebsd-net@FreeBSD.ORG Subject: Re: IPsec / ipfw interaction in 4.7-STABLE: a proposed change Message-ID: <3E15AF3C.5020105@isi.edu> In-Reply-To: <3E15604B.3040505@nomadiclab.com> References: <3E144753.7020905@nomadiclab.com> <86k7hnz4hp.fsf@notbsdems.nantes.kisoft-services.com> <3E15604B.3040505@nomadiclab.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On 1/3/2003 2:04 AM, Pekka Nikander wrote:
>
> Well, IMHO the best way would be to have a separate interface
> for each tunnel end point. That would allow most fine grained
> control, and would be easiest to understand.
Take a look at the draft-touch-ipsec-vpn-04.txt ID ; if you can use the
approach we describe there (IPIP tunnels + IPsec transport mode), you
get this functionality free, because rcvif will be the IPIP tunnel a
packet came in on.
Lars
--
Lars Eggert <larse@isi.edu> USC Information Sciences Institute
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
�� 080fErtcvE.0
*H
�01
0 UZA10U
Western Cape10U Cape Town10U
Thawte Consulting1(0&U
Certification Services Division1$0"UThawte Personal Freemail CA1+0) *H
personal-freemail@thawte.com0
000830000000Z
040827235959Z01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.3000
*H
��0�32c %E>nx'gڈD)c5*mp<ܮto034qmOe
KaU5u'rװ
|CBPQ<9TIf�- ki�N0L0)U
"0
0
10UPrivateLabel1-2970U
0�0
U
0
*H
��1KG]qSl]y=&b""I'{9$
*8PUl
LGl
X1B li+@]jy.%݊
Z<D&iHΥbb090%A0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
020824185339Z
030824185339Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu0"0
*H
��0
�6Fxΰ7a
ED&0+Dj)ֽXCUcnleijmz~S0J
�jWV~ 1^({IݛLjӖ
ao:bP}WLVܱ욗cD
ɖ_Kv.A(W4
9;Z8-uXE
6b
@_0%#d`
Rto5 L0R`w@7
r Hcc U 3%7 N_o�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��]Ȕ,fK<
cj
RZeLa
n@Z6,=
fK?yO#8+
Ni*LSfpQg
<(aӒ$kTx_AL1>ގ|S090%A0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
020824185339Z
030824185339Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu0"0
*H
��0
�6Fxΰ7a
ED&0+Dj)ֽXCUcnleijmz~S0J
�jWV~ 1^({IݛLjӖ
ao:bP}WLVܱ욗cD
ɖ_Kv.A(W4
9;Z8-uXE
6b
@_0%#d`
Rto5 L0R`w@7
r Hcc U 3%7 N_o�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��]Ȕ,fK<
cj
RZeLa
n@Z6,=
fK?yO#8+
Ni*LSfpQg
<(aӒ$kTx_AL1>ގ|S10001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0 +�0 *H
1
*H
0
*H
1
030103154148Z0# *H
1Wut~3nB5.E0R *H
1E0C0
*H
0*H
�0
*H
@0+0
*H
(0 +71001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0
*H
101
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30%A0
*H
��,FPBgg8ێqH�Mc͉<|r
u=Cn9Vz%!M_ZAw%/a*BXb-
j<a=&4j,PmFXZÕn=1%ߖ,z7eQylzV mA)/aR B_7}
ݼ\P//njF.^ֵb2%&8"*RPܞ⬊������
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E15AF3C.5020105>