Julian Elischer wrote:
> On Tue, 13 Aug 2002, Les Biffle wrote:
>>I want to do the following:
>>
>>1. Create "n" IPSEC VPN tunnels
>>2. Create "n" VLAN pseudo interfaces
>>3. Route IP Packets based on their arrival iface/tunnel out through
>>   a corresponding tunnel/iface.
>>
>>For example, I want to route all packets received through VPN tunnel "2"
>>out through VLAN "2," and all packets received on VLAN "2" out through
>>VPN "2," without regard to source or destination IP Addresses.
>
> incoming packets should be selectable in ipfw by using the
> clause
> "in recv gif0"

Minor point: IPsec tunnel mode tunnels aren't gif tunnels - he'd need to use IPIP tunnels + IPsec transport mode in that case (see draft-touch-ipsec-vpn04.txt), which I recommend anyway, of course :-)

I hadn't thought of using the ipfw "in" selector, good idea!

Lars
--
Lars Eggert <[EMAIL PROTECTED]> USC Information Sciences Institute