Date: Mon, 21 Aug 2006 18:50:25 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: Andrew Pantyukhin <infofarmer@FreeBSD.org>
Cc: net@freebsd.org
Subject: Re: [fbsd] Re: Routing IPSEC packets?
Message-ID: <20060821165025.GB58048@obiwan.tataz.chchile.org>
In-Reply-To: <cb5206420608210945q2c6659f8oa52644727510dd18@mail.gmail.com>
References: <44E58E9E.1030401@FreeBSD.org> <44E5F19E.9070600@isi.edu>
 <cb5206420608181236h34c0b85fwffc93bdd6c6979f4@mail.gmail.com>
 <44E619F7.7030300@isi.edu>
 <cb5206420608181258w3c845f93w589525e4c7293816@mail.gmail.com>
 <20060821162830.GA58048@obiwan.tataz.chchile.org>
 <cb5206420608210945q2c6659f8oa52644727510dd18@mail.gmail.com>

Andrew,

On Mon, Aug 21, 2006 at 08:45:54PM +0400, Andrew Pantyukhin wrote:
> On 8/21/06, Jeremie Le Hen <jeremie@le-hen.org> wrote:
> >As it has indeed already been stated in this thread, IPSec tunnel mode
> >shunts the routing table. However the new enc(4) interface that Andrew
> >Thompson has imported from OpenBSD allows to filter IPSec traffic in a
> >more natural way.
>
> My understanding is that "options IPSEC_FILTERGIF"
> already forces decoded packets to show up on the
> interface:
>
> http://lists.freebsd.org/pipermail/freebsd-bugs/2005-December/016074.html

I agree with this, that's why I said "... allows to filter IPSec traffic
_in a more natural way_". IPSEC_FILTERGIF is a kind of hack IMHO, though
it has revealed itself to be very useful for many years.

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >