Date: Wed, 22 Oct 2003 12:28:45 +0100
From: Jim Hatfield <subscriber@insignia.com>
To: freebsd-security@freebsd.org
Subject: IPSec VPNs: to gif or not to gif
Message-ID: <u0qcpv0csl3lb1p6a8aioe7qjqjtvd6th9@4ax.com>
I will shortly be replacing a couple of proprietary VPN boxes with a FreeBSD solution. Section 10.10 of the Handbook has a detailed description of how to do this.

However I remember a lot of discussion about a year ago about whether the gif interface was necessary to set up VPNs like this or whether it was just a convenience, for "getting the routing right". A number of people said that gif was not needed but I've never found a step-by-step description of how to set up a lan-to-lan VPN without using it.

Is the Handbook the current received wisdom on how to set this up, and is the use of the gif interface indeed necessary?

I also remember that the discussions diverted into a problem with ipfw when gif was *not* used, but I haven't found any messages to indicate that it was resolved. I recall suggestions that a new interface esp0 be created so that ipfw could work correctly on both the inner and outer packets of an ESP tunnel. Was that issue ever resolved?

jim hatfield