| VPN labs is an open community for researching, testing, reviewing, and discussing Virtual Private Networks. Get trusted, unbiased advice on just about everything related to VPN. For more detail check: How to use this site. VPN Labs - VIRTUAL PRIVATE NETWORKS - Free VPN Software and Virtual Private Network News. |
| Topic: IPSEC IN FREEBSD. THE DIFFERENCE BETWEEN TUNNEL AND TRANSPORT MODES. |
maksymk | Member since: 2006-07-30 05:38:16 | posted: 2006-07-30 05:46:27

IPSec in FreeBSD. The difference between tunnel and transport modes.
----------
I've just set up a VPN connection between 2 networks exactly as described in the FreeBSD Handbook. But what confused me is the difference between tunnel and transport modes. What is the actual difference between the rules:

spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/tunnel/A.B.C.D-W.X.Y.Z/require

AND

spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/transport/A.B.C.D-W.X.Y.Z/require

(A.B.C.D and W.X.Y.Z are the external IPs of the gateways)? I tried both of them and they worked equally fine.

As stated in the IPSec documentation, tunnel indicates that the whole packet will be further encapsulated in an IPsec packet. But why encapsulate it once again if it has already been encapsulated by the gif device (for organizing the actual tunnel: to replace private addresses with public ones and transfer the packet through the Internet)?

Thanks to everyone for making it clear.
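The following is an added example, not part of the original post: it builds a gif-style IP-in-IP packet and applies ESP framing in each of the two modes named in the rules, so the resulting header nesting can be compared. The gateway and private addresses, SPI and payload are constructed sample values; the ESP payload is left unencrypted and no ICV is appended, so only the layout is modelled.

```python
import socket
import struct

IPIP, ESP = 4, 50                           # IP protocol numbers
GW_A, GW_B = "192.0.2.1", "198.51.100.1"    # constructed stand-ins for A.B.C.D / W.X.Y.Z

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def esp(inner, next_header, spi=0x1000, seq=1):
    """ESP framing only: SPI, sequence, payload, padding, pad length, next header.
    Payload stays in clear and no ICV is added (assumption, to keep nesting visible)."""
    pad = -(len(inner) + 2) % 4
    return struct.pack("!II", spi, seq) + inner + bytes(range(1, pad + 1)) + bytes([pad, next_header])

def esp_transport(pkt):
    """Transport mode: keep the packet's own IP header, protect only what follows it."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp(pkt[20:], pkt[9]))

def esp_tunnel(pkt, src, dst):
    """Tunnel mode: protect the whole packet and prepend a new IP header."""
    return ipv4(src, dst, ESP, esp(pkt, IPIP))

def layers(pkt):
    """Walk the nested headers of an IPv4 packet and describe each layer."""
    out, proto = [], IPIP
    while proto in (IPIP, ESP):
        if proto == IPIP:
            total = struct.unpack("!H", pkt[2:4])[0]
            out.append("IP %s>%s" % (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])))
            proto, pkt = pkt[9], pkt[(pkt[0] & 0x0F) * 4:total]
        else:
            out.append("ESP")
            proto, pkt = pkt[-1], pkt[8:len(pkt) - 2 - pkt[-2]]
    return out + ["proto %d" % proto]

# Constructed sample: a private-network UDP packet as gif(4) would wrap it.
inner = ipv4("10.0.0.5", "10.0.1.7", 17, b"\x00" * 8)
gif_pkt = ipv4(GW_A, GW_B, IPIP, inner)
transport_pkt = esp_transport(gif_pkt)
tunnel_pkt = esp_tunnel(gif_pkt, GW_A, GW_B)

if __name__ == "__main__":
    for name, pkt in (("transport", transport_pkt), ("tunnel", tunnel_pkt)):
        print(name, len(pkt), "bytes:", " | ".join(layers(pkt)))
```

In this model the tunnel-mode packet carries the gateway-to-gateway IP header twice (once outside ESP, once inside), while the transport-mode packet carries it once; both deliver the same inner packet.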