--- David Powers <[EMAIL PROTECTED]> wrote:
> I highly recommend looking into openvpn as an alternative. If you have
> control of both ends and don't have to work to inter operate with an
> existing IPSEC implementation then it is vastly easier to setup and
> maintain.
>
> -David
>
> Travis
> I've always used IPSEC in Transport mode, combined with a GIF tunnel for
> encapsulating the packets. Much easier to set up than tunnel-mode IPSEC.
I just finished setting up an IPsec tunnel, and it took me 7 hours.
Of course, this was my first time with IPsec, but still... it was very
very pic
Travis H. wrote:
On 1/17/06, Peter <[EMAIL PROTECTED]> wrote:
2. What is the use of forcing IP-in-IP (-forcetunnel) when setting up an
SA? The vpn manpage example does this without explanation.
So that it won't use transport mode, which may be the default?
If you're setting up a vp
On 1/17/06, Peter <[EMAIL PROTECTED]> wrote:
> 2. What is the use of forcing IP-in-IP (-forcetunnel) when setting up an
> SA? The vpn manpage example does this without explanation.
So that it won't use transport mode, which may be the default?
If you're setting up a vpn, you have more than one c
Excuse the off-topic. I have some basic questions regarding implementing
a vpn and I figured pf is closely related enough. I have posted similar
questions to openbsd.misc and comp.security.unix without success.
1. There are many references to bypassing IPsec processing for
gateway-gateway commun
