Date: Wed, 17 Dec 2003 09:32:31 +0100 (MET) From: Helge Oldach <helge.oldach@atosorigin.com> To: e-masson@kisoft-services.com (Eric Masson) Cc: freebsd-net@freebsd.org Subject: Re: gre tunnel & ipsec transport mode Message-ID: <200312170832.JAA27711@galaxy.hbg.de.ao-srv.com> In-Reply-To: <86brq8s773.fsf@t39bsdems.interne.kisoft-services.com> from Eric Masson at "Dec 16, 2003 11:56:16 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Masson: >I'm experimenting dynamic routing protocols in a vpn setup. Ipsec tunnel >mode is not applicable here as selectors do not appear in system routing >table. I think the problem is that you need multicasts to exchange routing updates through the tunnel. If I am not mistaken that is supported with gif interfaces as well. Maybe you could do away with gif? >On destination box, tcpdump shows incoming ipsec gre transformed >packets, but these packets don't make their way to internal interface, >and are silently dropped (no log anywhere) This is odd. Do you have a chance to test this against another IPSec box, e.g. a Cisco router configured with a GRE Tunnel interface? Helge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312170832.JAA27711>