> "Pekka" == Pekka Nikander <[EMAIL PROTECTED]> writes:
Pekka> Well, IMHO the best way would be to have a separate interface
Pekka> for each tunnel end point. That would allow most fine grained
Pekka> control, and would be easiest to understand.
I was thinking of a virtual interface pour e
On Fri, Jan 03, 2003 at 11:45:25AM +0200, Pekka Nikander wrote:
> Brooks Davis wrote:
> > loif[] is evil and its use should not be extended. In any case, NLOOP
> > no longer exists in current since loopback interfaces are clonable. If
> > you didn't want to adopt OpenBSD's enc interface, an alter
On 1/3/2003 2:04 AM, Pekka Nikander wrote:
Well, IMHO the best way would be to have a separate interface
for each tunnel end point. That would allow most fine grained
control, and would be easiest to understand.
Take a look at the draft-touch-ipsec-vpn-04.txt ID ; if you can use the
approach
On Fri, Jan 03, 2003 at 01:36:28PM +0200, Pekka Nikander wrote:
> Paul Schenkeveld wrote:
> > Because of the way IPsec and ipfw/ipfilter interact, I've
> > moved to the following workaround:
> ...
> > Now I use transport mode instead of tunnel mode between the two
> > external IP addresses:
> ...
>
Paul Schenkeveld wrote:
Because of the way IPsec and ipfw/ipfilter interact, I've
moved to the following workaround:
...
Now I use transport mode instead of tunnel mode between the two
external IP addresses:
...
Although this is not the solution to your problem, it shows a
behaviour close to w
On Fri, Jan 03, 2003 at 12:04:59PM +0200, Pekka Nikander wrote:
> Eric Masson wrote:
> > Seems pretty close to what OpenBSD has implemented, except they don't
> > use the stock loopback interface.
> >
> > Their enc(4) driver is a software loopback interface :
> >
>http://www.openbsd.org/cgi-bin/m
Eric Masson wrote:
Seems pretty close to what OpenBSD has implemented, except they don't
use the stock loopback interface.
Their enc(4) driver is a software loopback interface :
http://www.openbsd.org/cgi-bin/man.cgi?query=enc&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current
Thanks for the
Brooks Davis wrote:
loif[] is evil and its use should not be extended. In any case, NLOOP
no longer exists in current since loopback interfaces are clonable. If
you didn't want to adopt OpenBSD's enc interface, an alternate solution
might be to set up an ioctl to allow you to register the interf
[Sorry to reply to the wrong message, but I missed this earlier.]
On Thu, Jan 02, 2003 at 09:22:26PM +0100, Eric Masson wrote:
> > "Pekka" == Pekka Nikander <[EMAIL PROTECTED]> writes:
>
> Pekka> Now, as a small step to that direction I made the following
> Pekka> small hack to netinet6/esp
> "Pekka" == Pekka Nikander <[EMAIL PROTECTED]> writes:
Pekka> Now, as a small step to that direction I made the following
Pekka> small hack to netinet6/esp_input.c It changes the ESP tunneled
Pekka> packets to look like they were coming from the loopback
Pekka> interface. And it works lik
A fairly recent change in 4.7-STABLE modified the way
IPsec ESP tunneled packets are handled by the ipfw code.
There was a brief thread on this at the freebsd-stable
mailing list in the end of November, see for example
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=270433+0+archive/2002/freebsd-stabl
11 matches