IPSEC documentation

Eric Masson e-masson at kisoft-services.com
Wed Dec 28 07:26:53 PST 2005


Brian Candler <B.Candler at pobox.com> writes:

Hi,

> The IPSEC documentation at
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html is
> pretty weird. It suggests that you encapsulate your packets in IP-IP (gif)
> encapsulation and THEN encapsulate that again using IPSEC tunnel mode.

Well, transport mode is sufficient and imho logical in this setup, that's
right.

> ISTM that this chapter should be rewritten to use IPSEC tunnel mode solely.
> Do people here generally agree ?

No.

gif/gre tunnels and ipsec transport mode are quite convenient when
associated with dynamic routing protocols.

Adding a section about pure ipsec tunnels would be a better approach
(check handbook cvs history; iirc, ipsec tunnels were described in a
previous version).

Éric Masson

-- 
 I would point out to you, dear wired gentlemen and very, very dear wired
 ladies, that a simple INNOCENT (I insist) message has generated nearly 10 replies!!!
 -+- PC in <http://www.le-gnu.net> : All guilty, every one. -+-


More information about the freebsd-net mailing list