Subject: Re: rfc: gre over udp [patch]
To: None <tech-net@NetBSD.org>
From: David Young <dyoung@pobox.com>
List: tech-net
Date: 08/26/2006 12:19:50

On Sat, Aug 26, 2006 at 06:53:06AM -0500, Jonathan A. Kollasch wrote:
> On Sat, Aug 26, 2006 at 02:18:04AM -0500, David Young wrote:
> > I need to tunnel packets through NAT routers to a tunnel concentrator at
> > my office.  To that end, I am extending gre(4) to put tunnel packets into
> > UDP datagrams.  I have attached a patch that contains my work in progress.
> > I request your feedback.
> 
> Couldn't you just use tunnel-mode IPsec and NAT-T?  Or is the complexity
> of IPsec/racoon trying to be avoided?

It's not just the complexity, although IPsec HOWTOs do make my head spin.
I want to use existing abstractions, such as the network interface, so
that I can re-use familiar utilities and daemons: ifconfig(8), route(8),
netstat(8), routing daemons, etc.

I am hopeful that nothing stops userland from setting up IPsec on a UDP
socket before delegating the socket to a GRE interface.

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933