
Re: typical IPsec-based VPNs incl. modecfg vs. DHCP





>>>>> "BSingh" == BSingh  <BSingh@Nomadix.com> writes:
    BSingh> Thanks for your responses.. I have another query regarding this.

    BSingh> I have a question about the IPsec SPD.. I had worked a long time
    BSingh> back on Linux freeswan.. What I do remember from that is that
    BSingh> each tunnel on the outbound side was represented as a virtual
    BSingh> interface like ipsec0. So the ipsec engine would insert routes in

  No, each tunnel does not have a virtual interface in FreeS/WAN.
  Each *physical* interface has a virtual interface, like "ipsec0" associated
with it. We steal the packets via routing, and then insert them into the real
interface using magic.  

  We are heading towards a situation where each tunnel could have a virtual
interface (it will be an option). We are heading away from having the
virtual interfaces have anything to do with the physical interfaces.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [