IPSEC documentation

Clark Gaylord gaylord at dirtcheapemail.com
Wed Dec 28 08:20:53 PST 2005


On Wed, 28 Dec 2005 16:04:04 +0100, "Phil Regnauld"
<regnauld at catpipe.net> said:
> 	Yes, here using tunnel is indeed odd, it would make more sense
> 	of using IPIP or just GRE in transport mode.

I have often used GRE+IPsecTransport -- this allows routing protocols,
link state (if you have GRE keepalives), etc, to function correctly, and
I think it is easier to see what is going on than the "transparent"
IPsec tunnel approach.  Haven't done it with FreeBSD, though.

--ckg
--
Clark Gaylord
Blacksburg, VA USA
gaylord at dirtcheapemail.com



More information about the freebsd-net mailing list