Subject: Re: ipip gif and gre
To: Richard Unger <runger@cs.mcgill.ca>
From: Henry B. Hotz <hotz@jpl.nasa.gov>
List: port-mac68k
Date: 04/27/2000 14:40:05

At 11:34 PM -0400 4/25/00, Richard Unger wrote:
>Delving into the NetBSD website, there is little I can find in terms 
>of docs on tunnelling and VPNs. 'man gre' and 'man ipip' are also 
>less than informative. As far as I can tell, there are four 
>available tunnelling interfaces: gre, ipip, gif and tun. All 
>implement different tunnelling protocols, except ipip which seems to 
>be a subset of gif. As far as I can

Right so far.  Ipip seems to be deprecated in favor of gif.  If 
nothing else it is less configurable.  You will need to build a 
custom kernel if the devices you want don't show in an "ifconfig -a". 
Gre seems to be a newer, more IPv6-friendly protocol, but I think gif 
is fine for v4 <-> v4 tunneling.

For an encrypted link, if you want IPSec then you should go with 
-current, which got a complete port of the IPv6 KAME code integrated 
a few months ago.  Otherwise you might want to go with SSH, which is 
in pkgsrc.  (Make sure you get the patch to rsaref if you don't use 
pkgsrc.  Oh, you're in Canada.  Do you have to worry about the RSA 
patent?)

I'm a bit uncertain myself.  The above is what I've gleaned so far.


Signature failed Preliminary Design Review.
Feasibility of a new signature is currently being evaluated.
h.b.hotz@jpl.nasa.gov, or hbhotz@oxy.edu