Subject: Re: rfc: gre over udp [patch]
To: None <tech-net@NetBSD.org>
From: David Young <firstname.lastname@example.org>
Date: 08/26/2006 12:19:50

On Sat, Aug 26, 2006 at 06:53:06AM -0500, Jonathan A. Kollasch wrote:
> On Sat, Aug 26, 2006 at 02:18:04AM -0500, David Young wrote:
> > I need to tunnel packets through NAT routers to a tunnel concentrator at
> > my office. To that end, I am extending gre(4) to put tunnel packets into
> > UDP datagrams. I have attached a patch that contains my work in progress.
> > I request your feedback.
> Couldn't you just use tunnel-mode IPsec and NAT-T? Or is the complexity
> of IPsec/racoon trying to be avoided?

It's not just the complexity, although IPSec HOWTOs do make my head spin.
I want to use existing abstractions, such as the network interface, so
that I can re-use familiar utilities and daemons: ifconfig(8), route(8),
netstat(8), routing daemons, etc.

I am hopeful that nothing stops userland from setting up IPSec on a UDP
socket before delegating the socket to a GRE interface.

David Young OJC Technologies
email@example.com Urbana, IL * (217) 278-3933