Subject: Re: inside addresses and IPsec
To: None <>
From: Michael Richardson <>
List: tech-net
Date: 01/10/2001 19:40:41
>>>>> "Michael" == Michael Richardson <> writes:
    Michael> Absolutely.  I'd like to do something like:

    Michael> ifconfig lo1 inet up (whatever was assigned by the
    Michael> gateway)

  I tried this:


  # spoof out a local PCB
  ifconfig lo0 inet alias
  route add -net -iface

  setkey -c <<EOF
  spdadd any -P out ipsec esp/tunnel/A.B.C.D-E.F.G.H/require;
  spdadd any -P in ipsec  esp/tunnel/E.F.G.H-A.B.C.D/require;
  EOF

  And it seems to work. I expect to have some problems because the mtu of
"lo0" needs to be lower, but I'll try ttcp with and without PMTU enabled to
see if this causes any real operational issues.

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
]   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
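
The MTU concern raised in the message, worked through as an added example (not part of the original post): ESP tunnel-mode size arithmetic showing how much smaller than the path MTU an inner packet has to be. Assumptions: an IPv4 outer header without options, no UDP encapsulation, a 1500-byte path MTU, and the two transforms listed, none of which the message names.

```shell
#!/bin/sh
# Added example: ESP tunnel-mode overhead arithmetic.
# All cipher parameters below are assumptions; the post names no algorithms.

OUTER_IP=20     # outer IPv4 header, no options (assumption)
ESP_HDR=8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER=2   # pad length (1 byte) + next header (1 byte)

# esp_outer_size INNER IV BLOCK ICV
# Size on the wire of an inner packet of INNER bytes after encapsulation.
esp_outer_size() {
    inner=$1 iv=$2 block=$3 icv=$4
    # Inner packet plus trailer is padded up to a multiple of the block size.
    body=$(( inner + ESP_TRAILER ))
    padded=$(( (body + block - 1) / block * block ))
    echo $(( OUTER_IP + ESP_HDR + iv + padded + icv ))
}

# esp_inner_mtu PATH_MTU IV BLOCK ICV
# Largest inner packet that still fits in PATH_MTU without fragmentation.
esp_inner_mtu() {
    path=$1 iv=$2 block=$3 icv=$4
    room=$(( path - OUTER_IP - ESP_HDR - iv - icv ))
    if [ "$room" -lt "$block" ]; then
        echo "path MTU $path is too small for this transform" >&2
        return 1
    fi
    # Round down to whole cipher blocks, then give back the trailer bytes.
    echo $(( room / block * block - ESP_TRAILER ))
}

# Constructed cases: "name IV-bytes block-bytes ICV-bytes"
for t in "3des-cbc/hmac-sha1-96 8 8 12" "aes-cbc/hmac-sha1-96 16 16 12"; do
    set -- $t
    mtu=$(esp_inner_mtu 1500 "$2" "$3" "$4")
    fits=$(esp_outer_size "$mtu" "$2" "$3" "$4")
    over=$(esp_outer_size $(( mtu + 1 )) "$2" "$3" "$4")
    echo "$1: inner MTU $mtu -> $fits on the wire; $(( mtu + 1 )) -> $over"
done
```

Because of block padding, one byte past the computed inner MTU adds a whole cipher block to the encapsulated packet, which is what pushes it over the path MTU.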