Stephen J. Bevan wrote:


> Really... if saying our configuration is so screwed up that we have to
> run a different over-wire protocol isn't an admission of failure I don't
If you use ipip the over-wire protocol is identical, see RFC 3884
section 3.1 or you can test it right now using manual keying (remote
side uses tunnel mode, your side uses transport + ipip).  To use IKE
pluto would need to be hacked a bit, though most of the changes could
be handled via an updown script.


Interesting. It might be interesting to implement userspace (e.g. OpenSwan) in such a way that all tunnel-mode IPsec is implemented this way automatically, using an ipip interface in the kernel.

        -hpa
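
The wire-format equivalence discussed in this thread, as an added example that is not part of the original messages: it builds a packet once as ESP tunnel mode and once as ipip followed by ESP transport mode, then compares the bytes. It assumes NULL encryption with no ICV, the same Identification and TTL on both paths, and constructed addresses, SPI and payload.

```python
import socket
import struct

def csum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: bytes, dst: bytes, proto: int, payload: bytes, ident=0, ttl=64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    def hdr(c):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                           ident, 0, ttl, proto, c, src, dst)
    return hdr(csum(hdr(0))) + payload

def esp(spi: int, seq: int, next_hdr: int, data: bytes) -> bytes:
    """ESP with NULL encryption and no ICV (assumption made for readability)."""
    pad_len = -(len(data) + 2) % 4          # align trailer to 4 bytes
    pad = bytes(range(1, pad_len + 1))      # default monotonic padding
    return struct.pack("!II", spi, seq) + data + pad + bytes([pad_len, next_hdr])

def esp_tunnel(inner: bytes, src: bytes, dst: bytes, spi: int, seq: int) -> bytes:
    """Tunnel mode: whole inner packet is the ESP payload, next header = 4."""
    return ipv4(src, dst, 50, esp(spi, seq, 4, inner))

def ipip_encap(inner: bytes, src: bytes, dst: bytes) -> bytes:
    """What the ipip interface emits: outer header with protocol 4."""
    return ipv4(src, dst, 4, inner)

def esp_transport(pkt: bytes, spi: int, seq: int) -> bytes:
    """Transport mode: keep the IP header, move its protocol into the ESP trailer."""
    ident, = struct.unpack("!H", pkt[4:6])
    return ipv4(pkt[12:16], pkt[16:20], 50,
                esp(spi, seq, pkt[9], pkt[20:]), ident, pkt[8])

# Constructed sample values (documentation and private address ranges).
GW_A, GW_B = socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.1")
INNER = ipv4(socket.inet_aton("10.0.1.5"), socket.inet_aton("10.0.2.7"),
             17, b"\x00\x35\x00\x35\x00\x08\x00\x00")
SPI, SEQ = 0x1000, 1

def compare() -> bool:
    """True when both constructions yield byte-identical packets."""
    return esp_tunnel(INNER, GW_A, GW_B, SPI, SEQ) == \
           esp_transport(ipip_encap(INNER, GW_A, GW_B), SPI, SEQ)

if __name__ == "__main__":
    print("identical on the wire:", compare())
```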
