Date: Mon, 5 Aug 2002 14:51:42 -0400 (EDT) From: Trish Lynch <trish@bsdunix.net> To: =?iso-8859-2?Q?Maciej_Wi=B6niewski?= <mailman@crypton.pl> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: [Q] FreeBSD IPSec Discussion. Message-ID: <20020805144624.E482-100000@femme.sapphite.org> In-Reply-To: <20020803072211.A13088@killer.crypton.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 3 Aug 2002, [iso-8859-2] Maciej Wi=B6niewski wrote: > Hello > > I have one question: why you use gif interface while esp doing all job fo= r you without any additional gif interfaces ??? the short answer is "because it works" the longer answer is that the person who set up prior tunnels on here did it via gif interfaces, I find that its nice to be able to physically see where my tunnels are between in the output of "ifconfig" as well. It also helped a lot when troubleshooting and visualizing the output of setkey -DP and the logs from racoon. > I have some network of gateways tunneling IP packets via IPSec and it's p= retty stable to. And I don't use any gifs or other extra toys: just clean I= PSec configuration. > Maybe it's something about which I should know ? > > Regards > Nomad > like I said, whatever works, between the ravlin, the esp is on the public and then the private net addresses are "in the clear" within the encapsulation. I know what interfaces are working, and can see the routes through 'netstat -rn' , the use of the gif interfaces enables me to separate things a bit for my own visualization and troubleshooting purposes. Considering theres very little information on how to set these things up, most people fiure them out by trial and error. I'm sorry I haven't gotten around to documenting, but I went on a trip to WV this weekend for some relaxation :) -Trish -- Trish Lynch=09=09=09=09=09trish@bsdunix.net FreeBSD=09=09=09=09=09=09The Power to Serve Ecartis Core Team=09=09=09=09trish@listmistress.org http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020805144624.E482-100000>