Alexey Kuznetsov wrote:
Hello!
I'm thinking that David definitely has a point about having a usability
problem, though. All other kind of tunnels have endpoint devices
associated with them, and that would make all these kinds of problems go
away,
Yes, when you deal with sane practical setups, this approach is the only
reasonable one.
Unfortunately, IPsec is not something totally sane and practical :-),
"security gateway" case is small part of it and "routing" viewpoint
clashes fatally with another requirements. Pure result is that we use approach
where it is possible to do everything with some efforts, rather than approach
which is simple and intuitive, but does not allow to do many things.
Fair enough. However, that does beg a question: is there any sane way
to create the pseudo-device model on top of the current model, as a
convenience layer? That way you could get the best of both.
-hpa
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
