Bas Rijniersce wrote:
Not having an ipsec interface caused me quite a bit of trouble before. So I really want KLIPS.
Well, yes, the routing can get a bit non-intuitive and a bit harder to figure out when using native IPSec...
If the other side supports GRE, you can configure the tunnel using GRE, than place it into IPSec. Not ideal solution, but that way you'll get virtual interfaces and conventional routing if you really want/need that tunnel has its own virtual interface. You'd create GRE tunnel between A and B (external addresses of your VPN endpoints), create IPSec policy that traffic between A and B has to be encrypted (the "place GRE tunnel into IPSec" part), than simply route traffic into GRE interfaces. I've used it, it works.
If you go with GRE+IPSec, and you also have firewall on VPN endpoint, you'd want to use IPSec in tunnel mode. Otherwise transport mode will suffice.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos