Re: IPsec vs ssh

To: Thor Lancelot Simon <tls%panix.com@localhost>, John Nemeth <jnemeth%cue.bc.ca@localhost>
Subject: Re: IPsec vs ssh
From: John Nemeth <jnemeth%cue.bc.ca@localhost>
Date: Fri, 15 Nov 2013 12:45:14 -0800

On Nov 15,  7:42am, Thor Lancelot Simon wrote:
} On Fri, Nov 15, 2013 at 12:00:07AM -0800, John Nemeth wrote:
} > } > 
} > } >     A tunnel is basically encapsulation of any sort.  So, when you
} > } 
} > } Wrong, wrong, wrong.  IPsec has separate tunnel and transport modes.
} > 
} >      If you had been following the thread, and seen the configuration
} > examples you would have seen that he was using IPSec in tunnel
} > mode.  Transport mode, of course, doesn't encapsulate the packet;
} > it simply adds an ESP header (and encrypts the data portion) or an
} > AH header.  Regardless of this, the statement that, "A tunnel is
} > basically encapsulation of any sort," stands on it's own, and is
} > correct.  NOT WRONG!!!
} 
} I'm sorry you're upset, but what you said was still incorrect, and
} shouting about it strikes me as vaguely like spitting at the sky because
} it's raining.
} 
} IPsec transport-mode encapsulation is not "a tunnel" by any reasonable
} definition of "a tunnel" I can think of.  Neither is the encapsulation

     The only person talking about IPSec transport mode is you.
As I said, transport mode does not encapsulate the packet (at least
not in the sense that you take an entire intact packet and stuff
it inside a new packet as the data portion), thus obviously, it is
not a tunnel.

}-- End of excerpt from Thor Lancelot Simon

References:
- Re: IPsec vs ssh
  - From: Thor Lancelot Simon

Prev by Date: Re: RFC 6926
Next by Date: Re: axe(4) woes
Previous by Thread: Re: IPsec vs ssh
Next by Thread: Re: IPsec vs ssh
Indexes:

Home | Main Index | Thread Index | Old Index