Date:      Sun, 4 Aug 2002 12:24:10 +0200
From:      Borja Marcos <borjamar@sarenet.es>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...]
Message-ID:  <200208041224.10309.borjamar@sarenet.es>
In-Reply-To: <sd4ab7c6.030@aus-gwia.aus.dcnhs.org>
References:  <sd4ab7c6.030@aus-gwia.aus.dcnhs.org>

On Friday 02 August 2002 23:47, Matthew Grooms wrote:
> It's only backwards if you are used to implementing IPSEC communications
> in a non-giff'd configuration. As mentioned before, this is endorsed by
> many how-to's available. If you don't like this method, don't use it. I
> for one prefer the giffed alternative but will be more than happy to
> admit that the benefits appear to be mostly cosmetic.

	I am not using gif right now, but I see two important advantages.

	I suppose it will be possible to put firewall rules in a gif interface.
Imagine that you establish a tunnel with a not so trusted party, only for a
limited purpose.

	I suppose as well that it is possible to sniff traffic in a gif interface.
Tools such as Argus, Ntop, can be used with encrypted tunnels. Otherwise, you
are blind.


	Borja.






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208041224.10309.borjamar>