Date: Fri, 16 Jun 2006 10:43:07 -0500
From: David DeSimone <fox@verio.net>
To: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools
Message-ID: <20060616154306.GA18578@verio.net>
In-Reply-To: <20060616122855.GA29279@uk.tiscali.com>
References: <449228FA.50303@thebeastie.org> <20060616122855.GA29279@uk.tiscali.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Candler <B.Candler@pobox.com> wrote:
>
> Ah, I guess this means you're following the instructions in the
> FreeBSD handbook, which last time I looked gave a most bizarre and
> unnecessary way of setting up IPSEC (GIF tunneling running on top of
> IPSEC *tunnel* mode). I raised it on this list before.

I ran into the same thing when analyzing the handbook's examples, and
quickly abandoned the handbook when writing my own configs.

> Most people are better off just setting up IPSEC tunnel mode. A few
> use GIF running on top of IPSEC _transport_ mode (e.g. those running
> routing protocols like OSPF over tunnels)

The main reason to use IPSEC tunnel mode and avoid GIF is that such a
config is interoperable with other IPSEC implementations (Cisco,
Checkpoint, etc), and thus is much more useful in the real world.

- --
David DeSimone == Network Admin == fox@verio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEktGKFSrKRjX5eCoRAq7JAJwIljDoGlZu+PDcFRT8842UpvXPkwCfZP8l
IXMhmlNoy/++m/CxIoIhfHI=
=ftpL
-----END PGP SIGNATURE-----