Date:      Fri, 02 Aug 2002 14:56:39 +0200
From:      Eric Masson <e-masson@kisoft-services.com>
To:        "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc:        Matthew Grooms <mgrooms@seton.org>, dlavigne6@cogeco.ca, Mailing List FreeBSD Security <freebsd-security@FreeBSD.org>
Subject:   Re: esp tunnel without gif(4) [Was Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...]
Message-ID:  <86k7n9qv08.fsf@notbsdems.nantes.kisoft-services.com>
In-Reply-To: <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com> (Eric Masson's message of "Fri, 02 Aug 2002 09:44:08 +0200")
References:  <sd455602.090@aus-gwia.aus.dcnhs.org> <20020730074813.GF89241@blossom.cjclark.org> <86znw5r9h3.fsf_-_@notbsdems.nantes.kisoft-services.com>

>>>>> "Emss" == Eric Masson <e-masson@kisoft-services.com> writes:
>>>>> "Crist" == Crist J Clark <crist.clark@attbi.com> writes:

Follow-up to myself and -security re-added.

 Crist> I've never figured out why people use gif(4) interfaces when ESP
 Crist> does the tunneling for you.

 Emss> Maybe because I've never succeeded in establishing an ESP tunnel
 Emss> between two LANs without gif(4).

I've tried without a gif tunnel (erroneous rc.conf modification) and it
works, maybe Murphy's law had prevented this before ;)

There's one question still remaining:
- if there is more than one ESP tunnel configured, how is traffic
  routed?

Example:
- One esp tunnel from 192.168.0.1 to 10.93.0.1
- One esp tunnel from 192.168.0.1 to 10.44.0.1

With only one tunnel configured, netstat -rn on the security gateway
doesn't show any routes to the remote networks nor host.

With a second tunnel added, are there any additional configuration
steps or will the kernel do the routing automagically?

Links or example setup if needed?

Thanks in advance

Eric Masson

-- 
 In short, I've read plenty of nonsense in fufe, I've even written some,
 but this time we're flirting with the blue ribbon.
 -+- RM in: <http://www.le-gnu.net> - That deserves the blue GNUban -+-
