IPSec VPNs: to gif or not to gif
Eric Anderson
anderson at centtech.com
Wed Oct 22 05:34:46 PDT 2003
Jim Hatfield wrote:
>I will shortly be replacing a couple of proprietary VPN boxes
>with a FreeBSD solution. Section 10.10 of the Handbook has a
>detailed description of how to do this.
>
>However I remember a lot of discussion about a year ago about
>whether the gif interface was necessary to set up VPNs like
>this or whether it was just a convenience, for "getting the
>routing right". A number of people said that gif was not
>needed but I've never found a step-by-step description of how
>to set up a lan-to-lan VPN without using it.
>
I use gif interfaces for my VPN's, and it works extremely well. The
only other solution I think I would even try, is mpd, but that uses a
much weaker protocol from what I know (PPTP).
It's so easy to use gif, I'm not sure why you wouldn't.
Eric
--
------------------------------------------------------------------
Eric Anderson Systems Administrator Centaur Technology
All generalizations are false, including this one.
------------------------------------------------------------------
More information about the freebsd-security
mailing list