IPSEC documentation

Brian Candler B.Candler at pobox.com
Wed Dec 28 07:55:57 PST 2005


On Wed, Dec 28, 2005 at 04:26:43PM +0100, Eric Masson wrote:
> gif/gre tunnels and ipsec transport mode are quite convenient when
> associated with dynamic routing protocols.

OK, I'll buy gif + IPSEC transport mode as an option. [Although in that
case, perhaps what you want is an external IPSEC tunnel mode implementation
which attaches to a 'tun' device. That's yet another category which I hadn't
even considered]

I still think that gif + IPSEC tunnel mode (as currently documented) is not
a good approach, especially if it's the *only* mode of operation to be
documented and hence implicitly recommended as the 'right' way to do it.


More information about the freebsd-net mailing list