IPSEC on 5.5
jon at axismilton.ltd.uk
Tue Oct 31 19:30:01 GMT 2006
[Could the moderator please bin my other pending message. I'm
assuming that will happen because it did last time.]
I'm still struggling a bit.
the private addresses is used in the spdadd lines
whereas the handbook has the public addresses being used in the
This sort of agrees with my understanding as it's the gif that
packages up the thing with the external address on the way out after
the ipsec bits and bobs. Why does the handbook appear to give
conflicting information ?
Also the manual page for gif says that it might not interoperate with
other ipsec tunnels. What I want is something that interoperates with
normalish ipsec routers.
Though it's NetBSD the example seems to not use gif. Is that because
Net does it differently and doesn't need gif to do the encapsulation ?
So my questions are:-
Is using gif just a historical FreeBSD way of doing things and no
good for interoperability ?
Why am I seeing conflicting information ? What's the setup that is
likely to work with most other equipment ?
More information about the Ukfreebsd