IPSEC documentation
Clark Gaylord
gaylord at dirtcheapemail.com
Wed Dec 28 08:20:53 PST 2005
On Wed, 28 Dec 2005 16:04:04 +0100, "Phil Regnauld"
<regnauld at catpipe.net> said:
> Yes, here using tunnel is indeed odd, it would make more sense
> of using IPIP or just GRE in transport mode.
I have often used GRE+IPsecTransport -- this allows routing protocols,
link state (if you have GRE keepalives), etc, to function correctly, and
I think it is easier to see what is going on than the "transparent"
IPsec tunnel approach. Haven't done it with FreeBSD, though.
--ckg
--
Clark Gaylord
Blacksburg, VA USA
gaylord at dirtcheapemail.com
More information about the freebsd-net
mailing list