Subject: Re: filtering and IPSec
To: Chris Jones <chris@cjones.org>
From: Paul Dokas <dokas@cs.umn.edu>
List: netbsd-help
Date: 03/26/2003 23:12:10
On Wed, 26 Mar 2003 16:49:15 -0700, Chris Jones <chris@cjones.org> wrote:
> Does anybody know any other ways to achieve this level of control,
> without buying another computer?
To accomplish the same thing, I've done the following:
+ Use IPSec in transport mode between the two endpoints
+ Build a GRE tunnel between the end points under IPSec
+ Filter at the gre# interfaces on each endpoint
This was some time ago (NetBSD 1.5 days) and there have been quite a
few changes in these areas of NetBSD, so you'll have to try this out
to make sure that it still works.
Paul
--
Paul Dokas dokas@cs.umn.edu
======================================================================
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."