Hello! > <sarcasm> > > What I great idea. Now I just have to get every host I want to > interoperate with to support a nonstandard configuration. The scary > part is that if I motivate it with "Linux is too stupid to handle > standard tunnel-mode IPsec" I might actually get away with it.
sarcasm mode is not accepted. Linux does exactly "standard tunnel-mode IPsec". It does not give you device to make you totally happy. Probably, you are not aware that "standard IPsec tunnel device", if it is created: 1. Probably, will not accept fragmented frames, because IPsec cannot handle them 2. Probably, will have undefined MTU (65536), because of 1 3. Probably, will screw up TCP because of 2 etc. Actually, this is the reason why it is not implemented. It is dirty business. :-) And the person, who implements this, has to be really... unscrupulous. :-) Alexey - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
