Excuse the off-topic. I have some basic questions regarding implementing
a vpn and I figured pf is closely related enough. I have posted similar
questions to openbsd.misc and comp.security.unix without success.
1. There are many references to bypassing IPsec processing for
gateway-gateway communications. Why is that? The provided rc.vpn script
does this without explanation.
2. What is the use of forcing IP-in-IP (-forcetunnel) when setting up an
SA? The vpn manpage example does this without explanation.
--
Peter
__________________________________________________________
Find your next car at http://autos.yahoo.ca
