ipsec: tunneling with compression

Oles' Hnatkevych Fri, 09 Nov 2001 00:14:26 -0800

Hello freebsd-net,

  Having read mans and papers and web still can not figure
  out HOW can I setup IPSEC tunneling WITH compression


  so far all I do is manual SA setup
  that looks like

add 192.168.1.128 192.168.1.129 esp 10010 -E 3des-cbc "101010101010101010101010";
add 192.168.1.129 192.168.1.128 esp 10011 -E 3des-cbc "010101010101010101010101";
add 192.168.1.128 192.168.1.129 ipcomp 10005 -C deflate;
add 192.168.1.129 192.168.1.128 ipcomp 10006 -C deflate;

and SP looks like (1.128-1.129 is a gif0 tunnel)

spdadd 192.168.5.22 192.168.100.17 any -P out ipsec
      ipcomp/transport//require
      esp/tunnel/192.168.1.128-192.168.1.129/require;
spdadd 192.168.100.17 192.168.5.22 any -P in ipsec
      ipcomp/transport//require
      esp/tunnel/192.168.1.129-192.168.1.128/require;

so the questions is:
1. Is it possible in FreeBSD to do tunneling with ESP and IPCOMP?
2. should I use ipcomp/transport//require or ipcomp/tunnel/..../require?
3. what __request__ order should be used - and does it matter at all?
4. if I use ESP, why may I want to use it with AH?
      
With best wishes, Oles' Hnatkevych, http://gnut.kiev.ua, [EMAIL PROTECTED]


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

ipsec: tunneling with compression

Reply via email to