Re: Freeswan in Debian, or: Why I am such a bad maintainer
- To: Wichert Akkerman <wichert@wiggy.net>
- Cc: Lupe Christoph <lupe@lupe-christoph.de>, Marc Haber <mh+debian-devel@zugschlus.de>, Rene Mayrhofer <rene.mayrhofer@gibraltar.at>, Bastian Blank <waldi@debian.org>, Dominique Kaiser <dommi_s1@gmx.net>, Steven Augart <augart@watson.ibm.com>, Anthony DeRobertis <anthony@derobert.net>, Andrew Pimlott <pimlott@idiomtech.com>, herbert@gondor.apana.org.au, Alexander Hvostov <alex@aoi.dyndns.org>, Daniel Pocock <daniel@pocock.com.au>, Russell Stuart <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, Christoph Martin <martin@uni-mainz.de>, Alexei Ustyuzhaninov <alust@UralskyGSM.com>, Jason Spence <jspence@lightconsulting.com>, Mike Fedyk <mfedyk@matchmail.com>, Luca Fornasari <luca.fornasari@easybit.it>, Torsten Knodt <tk-debian@datas-world.de>, Christian Perrier <bubulle@debian.org>, Luk Claes <luk.claes@ugent.be>, debian-devel@lists.debian.org, Nate Carlson <natecars@natecarlson.com>
- Subject: Re: Freeswan in Debian, or: Why I am such a bad maintainer
- From: Giacomo Mulas <gmulas@ca.astro.it>
- Date: Tue, 29 Jun 2004 09:17:35 +0200 (CEST)
- Message-id: <[🔎] Pine.LNX.4.56.0406290911420.5223@capitanata.ca.astro.it>
- Reply-to: Giacomo Mulas <gmulas@ca.astro.it>
- In-reply-to: <[🔎] 20040628193306.GN9561@wiggy.net>
- References: <[🔎] 40E00DDA.3040807@gibraltar.at> <[🔎] 20040628130629.GB9561@wiggy.net> <[🔎] 20040628142423.GO6752@torres.ka0.zugschlus.de> <[🔎] 20040628143046.GH9561@wiggy.net> <[🔎] 20040628165547.GT29463@lupe-christoph.de> <[🔎] 20040628193306.GN9561@wiggy.net>
On Mon, 28 Jun 2004, Wichert Akkerman wrote:
> Previously Lupe Christoph wrote:
> > Such as having virtual interfaces to hang firewall rules from,
> > preferably one per tunnel?
>
> You should be able to do that using dummy interfaces. Just keep in
> mind that ipsec is no longer done through an interface but via a
> route transform, which is a very different and more flexible approach.
Wichert, would you care to produce even just an outline of an example of
how to do it, or point me to an howto which provides it? Indeed the one
thing I love of KLIPS with respect to the native Linux IPSec is just
having virtual interfaces, which ease quite a lot writing and maintaining
complex firewalling and/or traffic control rules.
Thanks
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
Reply to: