Hi folks,

I'm wondering if someone could please clarify some IPSec-specific questions for me?

IPSEC_FILTERGIF:

What are the consequences of enabling this if one uses IPSEC (or FAST_IPSEC) w/o any GIF tunnels? Are there any, or does IPSEC_FILTERGIF only influence packet flow with gif devices?

NOTES says:

# Set IPSEC_FILTERGIF to force packets coming through a gif tunnel
# to be processed by any configured packet filtering (ipfw, ipf).
# The default is that packets coming from a tunnel are _not_ processed;
# they are assumed trusted.

But I've found signs in the archives that, even when not using gif tunnels with IPSec, packets are getting filtered with the FILTERGIF option. I might be wrong about this.

device enc:

I haven't been aware of the fact that we already have such a device. There's a man page (man 4 enc) but it's not in NOTES or GENERIC. Is the enc(4) man page correct and up to date? Shouldn't there at least be a note in NOTES somewhere around the options FAST_IPSEC line with a hint for enc(4)?

Is just compiling device enc into the kernel, using options FAST_IPSEC and passing (or blocking) traffic on interface enc0 using pf rules all one has to do?

IPSEC / FAST_IPSEC:

What is the (say) 'official' recommended option to use? What are the differences, and what are the consequences of using one or the other? Will both do the same w/o any consequences for the admin?

I'm currently in the process of checking for migration to racoon2 and need to re-check every IPSec-related setup.

Thanks,

Volker