Subject: Re: Take #3 - final proposed patch for ipsec/bpf/ipfilter integration
To: NetBSD Networking Technical Discussion List <tech-net@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 05/14/2003 13:16:35
[ On Wednesday, May 14, 2003 at 23:20:12 (+1000), Darren Reed wrote: ]
> Subject: Re: Take #3 - final proposed patch for ipsec/bpf/ipfilter integration
>
> I had thoughts of achieving this same goal in other ways but all were
> more trouble.  In some ways, I find this a very good model.  After all,
> there is nothing that requires it still to be IP traffic that is
> associated with the virtual interface.

Indeed!  Regardless of how it's actually implemented under the hood, I
agree this idea of having "virtual" interfaces for each "endpoint" in a
VPN environment is a very good model.  It solves the same kind of
problem in the same kind of way for every tool that already deals with
these issues by identifying a specific interface, including IP Filter,
BPF, and maybe even routing and bridging.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>