Archie Cobbs:
> Guido van Rooij wrote:
> > > An esp0 or ipsec0 device would provide the handle ipfw needs.
> >
> > That is excatly what I wanted to say earlier.
> >
> > But beware: this is only true in tunnel mode.
> >
> > In transport mode, the KAME stack calls the subprotocol handler
> > direc
On Tue, Nov 19, 2002 at 10:56:25AM -0800, Archie Cobbs wrote:
> Guido van Rooij wrote:
> > > The problem is that while ESP packets arrive to be processed by
> > > IPsec just fine thru my ipfw rules, when the packets are de-encrypted
> > > and re-inserted into the kernel they appear to ipfw to be