Firewall Wizards mailing list archives

Re: OpenBSD IPSEC VPN question


From: Chris Buechler <fw-wiz () chrisbuechler com>
Date: Tue, 30 Apr 2013 22:28:22 -0500

On Tue, Apr 30, 2013 at 8:29 PM, Paul D. Robertson <paul () compuwar net> wrote:
> It's been a while since I've done it, but Linux used to make an ipsec0
> interface that was handled with the standard routing table.  Possibly in
> *BSD you need to use a gre or gif tunnel to achieve the same thing?


You can, but that's a different circumstance. That would be IPsec
transport mode, which in combination with gif, GRE or similar
tunneling indeed doesn't have such requirements/quirks since there is
a route in the routing table in that case. Tunnel mode is more common,
which is what's applicable to the subject of this thread. Routing
table changes have no impact on whether traffic in BSD traverses a
tunnel mode IPsec connection, aside from the quirk I mentioned
previously to impact its source IP selection for traffic initiated by
the firewall itself.

Chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

