gre tunnel & ipsec transport mode
Helge Oldach
helge.oldach at atosorigin.com
Wed Dec 17 00:32:40 PST 2003
Eric Masson:
>I'm experimenting dynamic routing protocols in a vpn setup. Ipsec tunnel
>mode is not applicable here as selectors do not appear in system routing
>table.
I think the problem is that you need multicasts to exchange routing
updates through the tunnel. If I am not mistaken that is supported with
gif interfaces as well. Maybe you could do away with gif?
>On destination box, tcpdump shows incoming ipsec gre transformed
>packets, but these packets don't make their way to internal interface,
>and are silently dropped (no log anywhere)
This is odd. Do you have a chance to test this against another IPSec
box, e.g. a Cisco router configured with a GRE Tunnel interface?
Helge
More information about the freebsd-net
mailing list