Hi,

Thanks for the information. I guess compiling a new kernel is the next
step for me. I think I might try with ipip or gre first, since it does not
seem that gif is included in the distribution I have (1.4.1)...
Also, I think I want to try without encryption first. I already have ssh
installed on my box, and I've looked into ipSEC a bit, but I want the
tunnel primarily to run NetMeeting (videoconferencing) and I fear that the
overhead of encryption will slow down the connection, since my NetBSD box
is but a 25MHz Quadra 700...

Thanks a lot!

Richie



On Thu, 27 Apr 2000, Henry B. Hotz wrote:

> At 11:34 PM -0400 4/25/00, Richard Unger wrote:
> >Delving into the NetBSD website, there is little I can find in terms 
> >of docs on tunnelling and VPNs. 'man gre' and 'man ipip' are also 
> >less than informative. As far as I can tell, there are four 
> >available tunnelling interfaces: gre, ipip, gif and tun. All 
> >implement different tunnelling protocols, except ipip which seems to 
> >be a subset of gif. As far as I can
> 
> Right so far.  Ipip seems to be deprecated in favor of gif.  If 
> nothing else it is less configurable.  You will need to build a 
> custom kernel if the devices you want don't show in an "ifconfig -a". 
> Gre seems to be a newer, more IPv6-friendly protocol, but I think gif 
> is fine for v4 <-> v4 tunneling.
> 
> For an encrypted link, if you want IPSec then you should go with 
> -current, which got a complete port of the IPv6 KAME code integrated 
> a few months ago.  Otherwise you might want to go with SSH, which is 
> in pkgsrc.  (Make sure you get the patch to rsaref if you don't use 
> pkgsrc.  Oh, you're in Canada.  Do you have to worry about the RSA 
> patent?)
> 
> I'm a bit uncertain myself.  The above is what I've gleaned so far.
> 
> 
> Signature failed Preliminary Design Review.
> Feasibility of a new signature is currently being evaluated.
> h.b.hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>