>>>>> "Lars" == Lars Eggert <[EMAIL PROTECTED]> writes:
Lars> Alternatively (and already working), you can replace IPsec tunnel
Lars> mode with IPIP (gif) tunnels and transport mode, and then use the
Lars> gif device in your firewall rules.

If transport mode can be used to connect to a PIX, it's a solution to
consider, but at the moment I've found no reference to such a setup on
the PIX.

I've tried gif tunnels with IPsec tunnel mode and didn't get reproducible
results. This setup worked once, with the following gif setup:

#!/bin/sh
#
# rc.d-style start/stop script for the gif0 IP-in-IP tunnel.
# PREFIX is derived from the script path, as in the ports rc.d template.

if ! PREFIX=$(expr "$0" : "\(/.*\)/etc/rc\.d/${0##*/}\$"); then
    echo "$0: Cannot determine the PREFIX" >&2
    exit 1
fi

case "$1" in
start)
    # Setup Chantilly
    # Outer (public) tunnel endpoints, inner networks and their masks.
    local_extern=XXX.XXX.XXX.XXX
    remote_extern=XXX.XXX.XXX.XXX
    local_intern=192.168.1.0
    remote_intern=192.168.0.0
    local_mask=255.255.255.0
    remote_mask=255.255.255.0

    # Create the interface, bind the outer endpoints, then assign the
    # inner (local) address and the point-to-point destination address.
    ifconfig gif0 create
    ifconfig gif0 tunnel "$local_extern" "$remote_extern"
    ifconfig gif0 inet "$local_intern" netmask "$local_mask" \
        "$remote_intern" netmask "$remote_mask"
    echo -n ' tunnel'
    ;;
stop)
    ifconfig gif0 destroy
    echo -n ' tunnel'
    ;;
*)
    echo "Usage: $(basename "$0") {start|stop}" >&2
    exit 64
    ;;
esac

exit 0

Next time, after a reboot (kernel switch), no packets were flowing through
the gif tunnel. I gave up and switched back to a plain IPsec tunnel without
gifs, hence the original question.

Eric Masson

--
PR> you're a year early for the new millennium
it seems to me that (2000) really is the new millennium; on the other hand,
we change century next year, in 2001
-+- kiboot in http://www.le-gnu.net : Émile gets worked up about Émile's year.

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
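The setup Lars describes (gif tunnel carried by IPsec transport mode, firewall rules on the gif device), written out as an added example that is not part of the thread and not the poster's script. The FreeBSD side only: endpoint addresses, inner gateway addresses and ipfw rule numbers are made up, the peer is assumed to support transport-mode ESP for the IP-in-IP (ipencap) traffic, and whether a PIX can do that is exactly the open question above. Commands are printed rather than executed unless APPLY=1 is set, so the script can be read and dry-run safely.

```shell
#!/bin/sh
# Added example: gif tunnel protected by IPsec *transport* mode.
# The inner packets traverse a named interface (gif0), so ipfw rules can
# match on it; only the IP-in-IP packets between the two outer endpoints
# are encrypted.  All addresses below are assumptions (documentation
# ranges), not taken from the thread.

local_extern=203.0.113.1     # assumed public address of this host
remote_extern=198.51.100.1   # assumed public address of the peer
local_gw=192.168.1.1         # assumed inner address of this end of gif0
remote_gw=192.168.0.1        # assumed inner address of the peer's end
local_net=192.168.1.0/24
remote_net=192.168.0.0/24
tun=gif0

# run: print each command; execute it only when APPLY=1 is set.
run() {
    echo "+ $*"
    [ "${APPLY:-0}" = 1 ] && "$@"
    return 0
}

# spd_policy: setkey(8) SPD entries requiring ESP in transport mode for
# the ipencap (protocol 4) packets exchanged by the tunnel endpoints.
# Traffic that is not IP-in-IP between these two hosts is left alone.
spd_policy() {
    cat <<EOF
flush;
spdflush;
spdadd $local_extern $remote_extern ipencap -P out ipsec esp/transport//require;
spdadd $remote_extern $local_extern ipencap -P in  ipsec esp/transport//require;
EOF
}

# tunnel_up: create gif0, bind the outer endpoints, assign the inner
# point-to-point addresses, route the remote network over the tunnel and
# load the SPD.  A p2p interface only installs a host route to its
# destination, hence the explicit route for the remote network.
tunnel_up() {
    run ifconfig "$tun" create
    run ifconfig "$tun" tunnel "$local_extern" "$remote_extern"
    run ifconfig "$tun" inet "$local_gw" "$remote_gw" netmask 255.255.255.255
    run route add -net "$remote_net" "$remote_gw"
    if [ "${APPLY:-0}" = 1 ]; then
        spd_policy | setkey -c
    else
        echo "+ setkey -c <<EOF"
        spd_policy
        echo "EOF"
    fi
}

# firewall_rules: filter the cleartext inner traffic on the gif interface.
# This is the point of using gif: the rules name the tunnel device instead
# of trying to pick decrypted tunnel-mode packets out of the outer interface.
firewall_rules() {
    run ipfw add 1000 allow ip from "$local_net" to "$remote_net" via "$tun"
    run ipfw add 1010 allow ip from "$remote_net" to "$local_net" via "$tun"
    run ipfw add 1020 deny log ip from any to any via "$tun"
}

tunnel_down() {
    run route delete -net "$remote_net"
    run ifconfig "$tun" destroy
}

case "${1:-}" in
start)  tunnel_up; firewall_rules ;;
stop)   tunnel_down ;;
policy) spd_policy ;;
esac
```

Run it as `sh gif-transport.sh start` to see the command sequence, and with `APPLY=1` on the gateway to actually apply it; `policy` alone prints the setkey input so it can be compared against the peer's configuration. The SPD keys on `ipencap`, so a rule that encrypts all traffic between the two public addresses (which would also swallow IKE) is deliberately not written.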