Subject: IPsec question
To: None <netbsd-users@netbsd.org>
From: Dan McMahill <mcmahill@mtl.mit.edu>
List: netbsd-users
Date: 08/13/2003 21:57:56

I have what I think is probably a simple IPsec question.
When Linksys and other similar vendors say their little hardware
firewalls support "IPsec passthru", what exactly do they mean and how
do I get the same thing out of a NetBSD+ipf based firewall?

Do I just need to add options IPSEC to the kernel and use setkey to add
a policy of 'none'?  I.e., something like:

spdadd 10.0.1.0/24 10.0.2.0/24 any -P out none;
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in none;

If I understand it correctly this just would say let the IPSEC packets
through?  Or do I even need an IPSEC kernel to do "passthru"?

Any whacks with a cluestick would be most appreciated.

Thanks
-Dan