Bjoern A. Zeeb (bzeeb-lists) writes:
>
> You do not "route" IPsec traffic. You define apropriate policies and
> be done. You only need gif(4) if you really want to route and use a
> link-state protocol.
... and want to do egress filtering, prioritization, and other
things you can only really do for packets that travel in and out
of an interface. The problem with the triangle home - pcolo - ocolo
is that it doesn't scale. Hub-and-spoke is easier but then you need
interfaces to route on.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
