tech-net: Re: IPsec tunnel mode and IP forwarding

Subject: Re: IPsec tunnel mode and IP forwarding
To: Emmanuel Dreyfus <manu@netbsd.org>
From: =?ISO-8859-1?Q?Timo_Sch=F6ler?= <timo.schoeler@macfinity.net>
List: tech-net
Date: 10/01/2004 23:29:37

> Hi
>
> When using IPsec in tunnel mode, the machine will forward packets=20
> coming
> from and to the tunnel regardless of the net.inet.ip.forwarding=20
> setting.
> Is it on purpose or is it a bug?
>
> --=20
> Emmanuel Dreyfus
> Il y a 10 sortes de personnes dans le monde: ceux qui comprennent
> le binaire et ceux qui ne le comprennent pas.
> manu@netbsd.org

IIRC the tunnel mode was intended to end on routers/gateways (i.e. on a=20=

're-distributing' its network connectivity device)?

--=20
mit vorz=FCglichster Hochachtung/best regards,

Timo Sch=F6ler
//macfinity -- finest IT services | Triftstrasse 39 | 13353 Berlin |=20
Germany
Fon ++49 30 25 20 30 20 | Fax ++49 30 25 20 30 19
PGP data http://www.macfinity.net/~tis/contact/PGPPKB_timo.schoeler.txt=