Hey Bruno, Sorry I didn't reply to this earlier; the message didn't make it to me somehow.
Bruno Wolff III <br...@wolff.to> writes: > I tried this out on 4.7 kernels and it seemed to work OK. I can't tell > about security, but the packets made it to where they are going. Happy to hear! > > My eventual use case, is to be able to reach a machine behind NAT by going > though a fixed machine in another location. The machine behind NAT will > keep a tunnel usable by occasionally pinging through the tunnel to make > sure that NAT has state information allowing packets to make it back and > that the fixed machine knows where to send packets. That seems like a setup that would work fine. > > This seems much easier to use than ipsec and should be faster than > tunnelling over ssh or openvpn. Absolutely! That's the goal. Thanks for the feedback, Jason
