On Tue, 1 Apr 2003, Sam Leffler wrote:
> Packets are tagged once they've been processed on input. I think you can do
> a similar check with something like:
>
> if (m_tag_find(PACKET_TAG_IPSEC_IN_DONE) != NULL)
>         goto pass;
>
> Long term, I intend to associate packets with an enc device so
Hey
If you are interested, I've just connected to a PIX515 from a 4.7-STABLE
machine in tunnel mode using racoon. In my setup I did not use a gif
tunnel. There is a doc available here:
http://klub.chip.pl/nolewajk/work/freebsd/FreeBSD-howto.htm.
that explains the procedure, however it doesn't
> "Lars" == Lars Eggert <[EMAIL PROTECTED]> writes:
Hello Lars,
Lars> what's a pix?
A firewall appliance from Cisco:
http://www.cisco.com/warp/public/cc/pd/fw/
Lars> But chances are, you will need to control both endpoints for my
Lars> suggestion to work.
In this case, I don't even kno
Hi,
I'm going to jump in here too.
We have an issue where we use IPSec tunneling to wireless clients.
Currently we associate two IP on the external interface, the public one and
then tunneled one.
We are however forced to use NATD instead of IPFILTER for NAT because
IPFILTER does its NAT work be
Eric,
On 4/2/2003 7:58 AM, Eric Masson wrote:
"Lars" == Lars Eggert <[EMAIL PROTECTED]> writes:
Lars> Alternatively (and already working), you can replace IPsec tunnel
Lars> mode with IPIP (gif) tunnels and transport mode, and then use the
Lars> gif device in your firewall rules.
If transport m
> "Lars" == Lars Eggert <[EMAIL PROTECTED]> writes:
Lars> Alternatively (and already working), you can replace IPsec tunnel
Lars> mode with IPIP (gif) tunnels and transport mode, and then use the
Lars> gif device in your firewall rules.
If transport mode can be used to connect to a pix, it
> "Sam" == Sam Leffler <[EMAIL PROTECTED]> writes:
Sam> Wow, someone besides me actually using fast ipsec! :)
You're not alone ;)
Sam> Packets are tagged once they've been processed on input. I think
Sam> you can do a similar check with something like:
Ok patch against 4.8-RELEASE attach
> On 4/1/2003 11:03 AM, Sam Leffler wrote:
> >
> > Long term, I intend to associate packets with an enc device so
> > there's a way to identify these packets when writing firewall rules.
>
> Alternatively (and already working), you can replace IPsec tunnel mode
> with IPIP (gif) tunnels and tran
On 4/1/2003 11:03 AM, Sam Leffler wrote:
Long term, I intend to associate packets with an enc device so
there's a way to identify these packets when writing firewall rules.
Alternatively (and already working), you can replace IPsec tunnel mode
with IPIP (gif) tunnels and transport mode, and the
Sam Leffler wrote:
Wow, someone besides me actually using fast ipsec! :)
At least two of us, besides you...
Packets are tagged once they've been processed on input. I think you can do
a similar check with something like:
if (m_tag_find(PACKET_TAG_IPSEC_IN_DONE) != NULL)
        goto pass;
Long term,
> I'm using IPSEC tunnels to join different gateways over the Internet.
>
> I've made some trials with FAST_IPSEC today (I've received a Soekris
> VPN1201) and I'm facing a problem with incoming packets.
>
> The following code snippet from /sys/netinet/ip_input.c permits
> detunneled packets to flo
Hello
I'm using IPSEC tunnels to join different gateways over the Internet.
I've made some trials with FAST_IPSEC today (I've received a Soekris
VPN1201) and I'm facing a problem with incoming packets.
The following code snippet from /sys/netinet/ip_input.c permits
detunneled packets to flow wit
12 matches