IPSEC on 5.5

Jonathan Schneider jon at axismilton.ltd.uk
Tue Oct 31 19:30:01 GMT 2006


[Could the moderator please bin my other pending message. I'm  
assuming that will happen because it did last time.]

I'm still struggling a bit.

Looking at
http://www.freebsddiary.org/ipsec-tunnel.php
and
http://ezine.daemonnews.org/200402/nfs_via_ipsec_tunnel.html

the private addresses are used in the spdadd lines

whereas the handbook has the public addresses being used in the  
spdadd lines.

This sort of agrees with my understanding as it's the gif that  
packages up the thing with the external address on the way out after  
the ipsec bits and bobs. Why does the handbook appear to give  
conflicting information ?

Also the manual page for gif says that it might not interoperate with  
other ipsec tunnels. What I want is something that interoperates with  
normalish ipsec routers.

http://www.netbsd.org/Documentation/network/ipsec/#sample_vpn

Though it's NetBSD the example seems to not use gif. Is that because  
Net does it differently and doesn't need gif to do the encapsulation ?

So my questions are:-

Is using gif just a historical FreeBSD way of doing things and no  
good for interoperability ?

Why am I seeing conflicting information ? What's the setup that is  
likely to work with most other equipment ?

Jon




