Routing IPSEC packets?
Phil Regnauld
regnauld at catpipe.net
Fri Aug 18 11:34:11 UTC 2006
Bjoern A. Zeeb (bzeeb-lists) writes:
>
> You do not "route" IPsec traffic. You define apropriate policies and
> be done. You only need gif(4) if you really want to route and use a
> link-state protocol.
... and want to do egress filtering, prioritization, and other
things you can only really do for packets that travel in and out
of an interface. The problem with the triangle home - pcolo - ocolo
is that it doesn't scale. Hub-and-spoke is easier but then you need
interfaces to route on.
More information about the freebsd-net
mailing list