Firewall Wizards mailing list archives
Re: OpenBSD IPSEC VPN question
From: Chris Buechler <fw-wiz () chrisbuechler com>
Date: Tue, 30 Apr 2013 22:28:22 -0500
On Tue, Apr 30, 2013 at 8:29 PM, Paul D. Robertson <paul () compuwar net> wrote:
> It's been a while since I've done it, but Linux used to make an ipsec0 interface that was handled with the standard routing table. Possibly in *BSD you need to use a gre or gif tunnel to achieve the same thing?
You can, but that's a different circumstance. That would be IPsec transport mode, which in combination with gif, GRE or similar tunneling indeed doesn't have such requirements/quirks since there is a route in the routing table in that case. Tunnel mode is more common, which is what's applicable to the subject of this thread. Routing table changes have no impact on whether traffic in BSD traverses a tunnel mode IPsec connection, aside from the quirk I mentioned previously to impact its source IP selection for traffic initiated by the firewall itself.

Chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards