> Should a tunnel endpoint show up in route advertisements sent from
> rip/gated/zebra running on the FreeBSD 4.3-Stable system?
Depends on if your routing protocol advertises over point-to-point links
(like gif interfaces). If so, you should see virtual interfaces being
advertised.
> My guess is that for IPIP (e.g. gif interfaces), both remote endpoints
> (outer IP address & inner IP address) are added to the local route table
> since FreeBSD sees them as 2 interfaces.
No. Adding a virtual interface adds one route for the virtual (= inner)
IP address. The outer address is that of another interface, and thus
already there.
> It seems that ifconfig should
> (or at least could) just add the route for gif0 just as it would for
> xl0. Is this the case?
Yes. (Look at netstat -r after an ifconfig on a gif.)
> For _IPSec_ tunnels, I'm not as sure. I don't see any existing
> mechanism that I'm familiar with such as ifconfig. Any ideas?
IPsec tunnels (on FreeBSD) are not devices, and thus not represented in
the routing table at all. Tunneling is done based on the IPsec SA
database, which is separate and not integrated with the routing table at
all.
> I prefer IPSec tunnels for encryption of the internet, but can live (for
> now) with IPIP if it does the job.
IPsec transport mode combined with IPIP tunnels does the trick (dynamic
routing + IPsec). See
ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-01.txt
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
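
An added illustration of the last point above, not part of the original message or of the referenced draft: a setkey(8) policy fragment that protects the outer IPIP (gif) packets with ESP in transport mode, with the tunnel-mode form shown commented out for contrast. The addresses are constructed (documentation ranges), and it assumes a gif tunnel already exists between the two outer addresses and that the ESP SAs are established separately.

```conf
# setkey(8) policy file for host A; load with: setkey -f <this file>
# Constructed addresses: outer A = 192.0.2.1, outer B = 198.51.100.1.
# Assumptions: a gif (IPIP) tunnel is already configured between these two
# outer addresses, and the ESP SAs come from an IKE daemon or manual "add"
# entries that are not shown here.

spdflush;   # start from an empty policy database

# Transport mode on the outer IPIP packets (IP protocol 4, "ipencap").
# The selectors name only the tunnel endpoints. Which inner destinations
# enter the tunnel is decided by the routing table via the gif interface,
# so routes learned by a routing daemon over gif0 are covered without any
# change to the SPD.
spdadd 192.0.2.1 198.51.100.1 ipencap -P out ipsec esp/transport//require;
spdadd 198.51.100.1 192.0.2.1 ipencap -P in  ipsec esp/transport//require;

# For contrast: IPsec tunnel mode. The selectors list the inner networks
# (constructed: 10.1.0.0/16 behind A, 10.2.0.0/16 behind B), so reachability
# lives in the SPD and is not driven by the routing table.
# spdadd 10.1.0.0/16 10.2.0.0/16 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
# spdadd 10.2.0.0/16 10.1.0.0/16 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
```

Host B needs the mirror image of the two transport-mode policies, with the `in` and `out` directions swapped.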