Topic: IPSEC IN FREEBSD. THE DIFFERENCE BETWEEN TUNNEL AND TRANSPORT MODES
maksymk Member since: 2006-07-30 05:38:16 | posted: 2006-07-30 06:26:23

IPSec in FreeBSD. The difference between tunnel and transport modes
----------
I've just successfully set up a VPN connection between 2 networks exactly as described in the FreeBSD Handbook. But what confused me is the difference between tunnel and transport modes. What is the actual difference between the rules:

    spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/tunnel/A.B.C.D-W.X.Y.Z/require

AND

    spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec esp/transport/A.B.C.D-W.X.Y.Z/require

(A.B.C.D and W.X.Y.Z are the external IPs of the gateways)? I tried both of them and they worked equally well. As stated in the IPSec documentation, tunnel indicates that the whole packet will be further encapsulated in an IPsec packet. But why encapsulate it once again if it has already been encapsulated by the gif device (for organizing the actual tunnel: to replace private addresses with public ones and transfer the packet through the Internet)?

Thanks to everyone for making it clear.
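Added example, not part of the original post: a Python sketch of the header stack that each of the two spdadd rules produces for a packet the gif device has already wrapped in IP-in-IP (ipencap, protocol 4). The gateway and LAN addresses, the 8-byte IV, 8-byte block and 12-byte ICV are assumptions chosen for illustration, and the ESP framing is layout only with nothing encrypted.

```python
import socket, struct

IPPROTO_IPIP, IPPROTO_ESP = 4, 50   # "ipencap" in the spdadd rules is protocol 4
GW_A, GW_B = "203.0.113.1", "198.51.100.1"   # constructed stand-ins for A.B.C.D / W.X.Y.Z

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def esp(next_header, inner, iv_len=8, block=8, icv_len=12):
    """ESP framing only (RFC 4303 layout): nothing is encrypted, IV and ICV are zeros."""
    pad_len = -(len(inner) + 2) % block
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", 0x1000, 1) + bytes(iv_len) + inner + trailer + bytes(icv_len)

def transport_mode(gif_pkt):
    """ESP is inserted between the gif outer IP header and what it carries."""
    src, dst = socket.inet_ntoa(gif_pkt[12:16]), socket.inet_ntoa(gif_pkt[16:20])
    return ipv4(src, dst, IPPROTO_ESP, esp(gif_pkt[9], gif_pkt[20:]))

def tunnel_mode(gif_pkt, src=GW_A, dst=GW_B):
    """The whole gif packet, header included, rides inside ESP under a new IP header."""
    return ipv4(src, dst, IPPROTO_ESP, esp(IPPROTO_IPIP, gif_pkt))

def layers(pkt, iv_len=8, icv_len=12):
    """Walk the header stack and name each layer, outermost first."""
    out = []
    while True:
        proto = pkt[9]
        out.append("IP %s>%s" % (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])))
        pkt = pkt[20:]
        if proto == IPPROTO_ESP:
            out.append("ESP")
            body = pkt[8 + iv_len:len(pkt) - icv_len]   # drop SPI/seq/IV and ICV
            pad_len, proto = body[-2], body[-1]         # ESP trailer
            pkt = body[:len(body) - 2 - pad_len]
        if proto != IPPROTO_IPIP:
            return out + ["payload proto %d" % proto]

lan = ipv4("192.168.1.10", "192.168.2.20", 17, b"x" * 32)   # constructed LAN packet
gif = ipv4(GW_A, GW_B, IPPROTO_IPIP, lan)                   # what the gif device emits

if __name__ == "__main__":
    for name, pkt in (("transport", transport_mode(gif)), ("tunnel", tunnel_mode(gif))):
        print("%-9s %3d bytes  %s" % (name, len(pkt), " | ".join(layers(pkt))))
```

In both modes the private-address packet ends up behind ESP; tunnel mode carries one additional gateway-to-gateway IP header inside the ESP payload.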