Date: Tue, 1 Oct 2002 14:21:30 +0200
From: Guido van Rooij <guido@gvr.org>
To: freebsd-net@freebsd.org
Subject: non-transparent IPsec via a tun interface?
Message-ID: <20021001122130.GA14155@gvr.gvr.org>

I have a firewall system that has a dedicated interface on which only IPsec traffic is going out and coming in. The firewall encrypts and decrypts these packets. I am using Ipfilter on that system and I would like to filter on the unencrypted content, both incoming and outgoing.

The problem is that on the "IPsec interface" I only see the encrypted traffic. Is there a way to make IPsec be non-transparent? E.g.: have a /dev/tun interface that is the non-encrypted variant of the dedicated IPsec interface? (I route packets into the tun interface and they are encrypted and put out of the real dedicated interface, and vice versa: if IPsec traffic comes into the real interface, it is decrypted and sent through the tunnel.)

-Guido