Brian Candler <[EMAIL PROTECTED]> writes: Hi,
> The IPSEC documentation at > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html is > pretty weird. It suggests that you encapsulate your packets in IP-IP (gif) > encapsulation and THEN encapsulate that again using IPSEC tunnel mode. Well transport mode is sufficient and imho logical in this setup, that's right. > ISTM that this chapter should be rewritten to use IPSEC tunnel mode solely. > Do people here generally agree ? No. gif/gre tunnels and ipsec transport mode are quite convenient when associated with dynamic routing protocols. Adding a section about pure ipsec tunnels would be a better approach (check handbook cvs history, iirc, ipsec tunnels were described in a previous version) Éric Masson -- Je vous ferez remarquer chers câblés et très très chères câblées qu'un simple message INNOCENT (j'insiste) a engendré près de 10 réponses !!! -+- PC in <http://www.le-gnu.net> : Tous coupables, tous. -+- _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
