Date:      Wed, 28 Dec 2005 16:26:43 +0100
From:      Eric Masson <e-masson@kisoft-services.com>
To:        Brian Candler <B.Candler@pobox.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPSEC documentation
Message-ID:  <86lky5p7ik.fsf@srvbsdnanssv.interne.kisoft-services.com>
In-Reply-To: <20051228143817.GA6898@uk.tiscali.com> (Brian Candler's message of "Wed, 28 Dec 2005 14:38:17 +0000")
References:  <20051228143817.GA6898@uk.tiscali.com>

Brian Candler <B.Candler@pobox.com> writes:

Hi,

> The IPSEC documentation at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html is
> pretty weird. It suggests that you encapsulate your packets in IP-IP (gif)
> encapsulation and THEN encapsulate that again using IPSEC tunnel mode.

Well, transport mode is sufficient and imho logical in this setup, that's
right.

> ISTM that this chapter should be rewritten to use IPSEC tunnel mode solely.
> Do people here generally agree ?

No.

gif/gre tunnels and ipsec transport mode are quite convenient when
associated with dynamic routing protocols.

Adding a section about pure ipsec tunnels would be a better approach
(check handbook cvs history, iirc, ipsec tunnels were described in a
previous version).

Éric Masson

-- 
 I would point out to you, dear wired gentlemen and very, very dear wired
 ladies, that a simple INNOCENT message (I insist) has generated nearly
 10 replies!!!
 -+- PC in <http://www.le-gnu.net>: All guilty, all of them. -+-


