Excuse the off-topic. I have some basic questions regarding implementing a VPN and I figured pf is closely related enough. I have posted similar questions to openbsd.misc and comp.security.unix without success.

1. There are many references to bypassing IPsec processing for gateway-gateway communications. Why is that? The provided rc.vpn script does this without explanation.

2. What is the use of forcing IP-in-IP (-forcetunnel) when setting up an SA? The vpn manpage example does this without explanation.

--
Peter