IPSEC documentation

Brian Candler B.Candler at pobox.com
Wed Dec 28 11:07:25 PST 2005


On Wed, Dec 28, 2005 at 05:15:39PM +0100, Eric Masson wrote:
> Brian Candler <B.Candler at pobox.com> writes:
> 
> > OK, I'll buy gif + IPSEC transport mode as an option. [Although in that
> > case, perhaps what you want is an external IPSEC tunnel mode implementation
> > which attaches to a 'tun' device. That's yet another category which I hadn't
> > even considered]
> 
> Any URL describing this setup, please?

I don't know definitively.

security/vpnc works fine for me as a client for talking to a Cisco VPN
concentrator. I think that's IPSEC tunnel mode + PSK + XAUTH (which can also
assign an IP address and insert routes into your forwarding table).

There's net/pipsecd in ports. Its version is 19991014. I have no idea if it
still works.

I know of non-IPSEC solutions using tun (OpenVPN, TINC). I also know of
userland IPSEC solutions which I don't think run under FreeBSD (FreeS/WAN,
OpenS/WAN).

All a bit of a nightmare really. Documentation would be good :-)

> > I still think that gif + IPSEC tunnel mode (as currently documented) is not
> > a good approach, especially if it's the *only* mode of operation to be
> > documented and hence implicitly recommended as the 'right' way to do it.
> 
> Well, ipsec section of the handbook is probably not the best one, I'd
> like to see it extended with the sections you talked about in this
> thread. Maybe it's time to submit patches...

Sure. I first just wanted to check that there wasn't something I was
missing.

Regards,

Brian.

