Dummynet, gif, and ipsec
Ermal Luçi
ermal.luci at gmail.com
Fri May 9 16:36:52 UTC 2008
On Fri, May 9, 2008 at 6:17 PM, Derek (freebsd-ipfw)
<482254ac at razorfever.net> wrote:
> Ermal Luçi wrote:
>>
>> Well this is a patch to shape IPSec tunnels with ALTQ and FreeBSD 6.3
>> as you are running. It is another alternative to dummynet though it
>> have been tested with pf but should work with ipfw too since it knows
>> about ALTQ.
>> Hope it helps!
>>
>
> Hi Ermal,
>
> Thanks for the response!
>
> I'm looking to roll this out on 5-7 machines, so I'm really looking for a
> solution where we wouldn't have to make changes to the kernel code and would
> be supported by the base system moving forward.
>
> Are you planning to submit a PR with this patch?
>
> Also are the m_tag, or altq_tag the same tags created with the ipfw tag
> command?
>
As far as i am aware this should be transparent to ipfw. Meaning it
should work since ipfw speaks ALTQ tags so no problems should arise.
It is in use in production machines as a patch so you can be sure it
works reliably.
I can submit the PR but i think it is better if somebody with ipsec
competence comments about its eligibility. I CC'd freebsd-net@ so
somebody will speak for this more rather than place it on PR that
nobody would look at.
Ermal
> -- Derek
>
More information about the freebsd-net
mailing list