On Jan 3, 2012, at 12:12 AM, Damien Fleuriot wrote:

> Thinking -pf@ or -net@ would be a better place to discuss this, more chances 
> of getting an answer.

I was wondering about that. I'll send my question to -net@ to start. Thanks.

> Out of curiosity, why not use a gif interface?
> I had that working just fine with racoon and was able to actually firewall 
> traffic on it with PF, iirc.

From what I understand of gif interfaces, they are useful when IPSec is 
handling the tunnel pretty much end-to-end, and just needs a passthrough 
interface to direct traffic to and from. If I am wrong about this, please let 
me know.

The reason why I'm using netgraph instead is because the LNS is not run by me, 
and there is no other way of connecting to the other end but via L2TP/IPSec. 

If there is a way to use L2TP, and leverage a gif interface to complete the 
loop on my end, I'd be interested to hear about it.

Thanks,

Ed Carrel
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"