On Sat, 3 Mar 2001, Fran Boon wrote:
> From: "Charlie Brady" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, March 02, 2001 11:09 PM
> > The RPM is called ip_masq_gre because it also includes updated
> > ip_masq_ipsec modules (both uniprocessor and smp) - ipsec is another
> > protocol which uses GRE.
>
> GRE is *not* used by IPSec.
>
> GRE is IP protocol 47. This is used by PPTP (along with 1723/tcp)
>
> IPSec uses other protocols - 500/udp for IKE key exchange & ESP (IP protocol
> 50).
Yes of course. I shouldn't make rushed posts on Friday evening. ESP and
GRE are both encapsulation protocols, but the similarity ends there.
> It can also, optionally, use AH (IP protocol 51),. This is not supported by
> the ip_masq_vpn kernel patch & it is unlikely to ever be possible...
Indeed, since the Authentication Header includes the source IP address and
is encrypted, therefore can't be effectively masqueraded.
> So, I'm afraid that this is bad naming if the ip_masq_ipsec module is also
> included in the RPM...
It is. Can you suggest a good snappy collective term for the tunneling
protocols (ESP and GRE)? The reason they're bundled together is that the
patch wa a combined pptp and ipsec patch, so it was easier that way.
This is only a temporary package, as I'm sure that RedHat will have fixed
their code in the next kernel we ship.
Charlie Brady [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
