[fbsd] Re: Routing IPSEC packets?

Jeremie Le Hen jeremie at le-hen.org
Mon Aug 21 16:49:54 UTC 2006


Andrew,

On Mon, Aug 21, 2006 at 08:45:54PM +0400, Andrew Pantyukhin wrote:
> On 8/21/06, Jeremie Le Hen <jeremie at le-hen.org> wrote:
> >As it has indeed already been stated in this thread, IPSec tunnel mode
> >shunts the routing table.  However the new enc(4) interface that Andrew
> >Thompson has imported from OpenBSD allows to filter IPSec traffic in a
> >more natural way.
> 
> My understanding is that "options IPSEC_FILTERGIF"
> already forces decoded packets to show up on the
> interface:
> 
> http://lists.freebsd.org/pipermail/freebsd-bugs/2005-December/016074.html

I agree with this, that's why I said "... allows to filter IPSec traffic
_in a more natural way_".  IPSEC_FILTERGIF is a kind of hack IMHO, though
it has revealed itself to be very useful for many years.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

