Re: gif(4) & ipsec [was: ICMP_UNREACH_NEEDFRAG broken in -current]
From: Bjoern A. Zeeb (bzeeb-lists_at_lists.zabbadoz.net)
Date: 09/27/04
- Previous message: Brian Somers: "Re: ICMP_UNREACH_NEEDFRAG broken in -current"
- In reply to: Brian Somers: "Re: ICMP_UNREACH_NEEDFRAG broken in -current"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 27 Sep 2004 11:39:40 +0000 (UTC) To: Brian Somers <brian@Awfulhak.org>
On Mon, 27 Sep 2004, Brian Somers wrote:
> On Mon, 27 Sep 2004 10:59:54 +0000 (UTC), "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> wrote:
> > On Mon, 27 Sep 2004, Brian Somers wrote:
> >
> > > The outside network segment is an IPSEC configuration with gif interfaces
> > ...
> > > Comments/suggestions/flames?
> >
> > most likely unrelated but I need input on this so ...
> > why do you need gif(4) ?
>
> With an ipsec-only solution, talking from a gateway box to an internal
> host on the ``other'' network doesn't work nicely....
ok.
> especially if the internal host on the other network doesn't have a
> route for it.
considering the usage of a vpn-gw/router most services needed like
ssh, ping and possibly telnet can be given a source address on command
line to use the internal IP. anyway it's complicating things, you are
right.
thanks for the detailed explanation.
-- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Brian Somers: "Re: ICMP_UNREACH_NEEDFRAG broken in -current"
- In reply to: Brian Somers: "Re: ICMP_UNREACH_NEEDFRAG broken in -current"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
