On 2013-07-04, Anders Berggren <[email protected]> wrote:
> However, I think it's possible to use a gif tunnel for the
> tunnel encapsulation, and only use IPsec for the endpoint encryption.
> It would probably work, because unlike IPsec flows, it's not "source
> routed".

Matt Dainty got this to work with manual keying.
http://bodgitandscarper.co.uk/openbsd/openbsd-ipsec-and-rfc-3884/

Additional work on the daemons would be needed to support this with
either IKE or IKEv2.

