> > Once you've got the gif tunnel working, say with top addresses
> > 10.0.0.1 and 10.0.0.2 and tunnel addresses 1.2.3.4 and 5.6.7.8,
> > create an /etc/ipsec.conf that says:
>
>
> which are the 'top' addresses? outer or inner?
> i.e.
>
> (A)gif0:-------(B)ed0-----<net>--------ed0(C)--------gif0(D)
By ``top'' I mean the gif addresses. By tunnel addresses I mean the
endpoint addresses. For my examples:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 1.2.3.4 --> 5.6.7.8
inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff
> > spdadd 1.2.3.4/32 5.6.7.8/32 ip4 -P in ipsec esp/transport//require;
> > spdadd 5.6.7.8/32 1.2.3.4/32 ip4 -P out ipsec esp/transport//require;
> >
>
> ip4?
> I need to run this on 4.1.1 machines.
You're really better off applying the one-line fix to token.l to
support the ip4 syntax. It removes many problems - especially if you
intend to run NAT on your machines.
You should have the kernel support in 4.1.1.
--
Brian <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
http://www.freebsd-services.com/ <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour ! <brian@[uk.]OpenBSD.org>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
