On Mon, Aug 21, 2006 at 06:28:30PM +0200, Jeremie Le Hen wrote:
> Hi Andrew,
>
> On Fri, Aug 18, 2006 at 11:58:08PM +0400, Andrew Pantyukhin wrote:
> > I'm actually trying to marry FreeBSD to PIX. The latter only
> > supports IPSec (tunnel/transport). I'm still struggling with
> > firewalls on both sides, but tunnel-tunnel works right now.
> > I'm a bit puzzled because the howto I see
> > (http://www.bshell.com/projects/freebsd_pix/) uses gif(4)
> > with tunnel-mode IPSec. Either something is wrong with
> > the way things work or the author doesn't understand what
> > he's doing (or both). The bitter thing is that we have a
> > similar setup in our handbook:
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
>
> As it has indeed already been stated in this thread, IPSec tunnel mode
> shunts the routing table. However the new enc(4) interface that Andrew
> Thompson has imported from OpenBSD allows filtering IPSec traffic in a
> more natural way. Maybe it also brings the ability to route IPSec
> tunnels, or even bridge them with if_bridge(4). I Cc'ed him for
> clarification.
At the moment enc(4) isn't really a real interface and while ipsec traffic seems to pass through it, it actually doesn't. The ipsec code just calls the enc code which does pfil/bpf with a preallocated enc0. I'm sure this could be extended to allow routing and other tricks.

Andrew
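The "more natural" filtering Jeremie mentions means writing pf rules against the decrypted packets that the ipsec code hands to pfil on enc0, rather than trying to match the encapsulated ESP flow on the outer interface. The pf.conf fragment below is an added example, not from the thread or the enc(4) import; the interface name, addresses and networks are assumed placeholders.

```pf
# Added example (not from the thread): pf(4) rules that filter an IPsec
# tunnel on enc0. All names and addresses below are placeholder assumptions.
ext_if     = "fxp0"          # outer interface facing the PIX
self       = "203.0.113.1"   # this gateway's outer address
peer       = "203.0.113.2"   # the PIX's outer address
local_net  = "10.1.1.0/24"   # network behind this FreeBSD box
remote_net = "10.1.2.0/24"   # network behind the PIX

# Outer traffic: only IKE (udp/500) and ESP from the known peer reach us.
pass in quick on $ext_if proto udp from $peer to $self port isakmp
pass in quick on $ext_if proto esp from $peer to $self

# Inner traffic: after decryption the ipsec code presents the cleartext
# packet on enc0 via pfil, so ordinary address-based rules apply here.
# Default-deny, then allow only the two tunnelled networks to talk.
block in log on enc0
pass in on enc0 from $remote_net to $local_net keep state
```

With the rules split this way, a packet that arrives correctly encapsulated from the peer but carries an unexpected inner source address is logged and dropped on enc0, which the outer-interface rule alone could not distinguish.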