Hosting Provided By

linux-ipsec: Configuration commands

From: Sandy Harris <sandy.harris(at)sympatico.ca>
Date: Fri Jan 15 1999 - 17:49:57 EST

>From klips/doc/rgb_setup file in the distribution:

> ipsec0 needs to be associated with a real interface. . . . Then we
> need to configure the new pseudo interface:
>
> gonzales# ipsec tncfg --attach --virtual ipsec0 --physical eth0
> gonzales# ifconfig ipsec0 192.168.2.110 netmask 255.255.255.0
>
> <snip>

Shouldn't the IPSEC device inherit addresses and netmask, then? Why is the second command above necessary? For that matter, why isn't the whole thing just:

ipsec attach ipsec0 eth0

Notes like the one above scare me. I'm inclined to assume that if users can get something wrong, some of them will.

On the other hand, is there some reason that inheritance won't work? Hard
to implement? Not appropriate in all cases? If the latter, should it be a
default which can be overidden when required?

-- 
"The real aim of current [cryptography] policy is to ensure the
 continued effectiveness of US information warfare assets against
 individuals, businesses and governments in Europe and elsewhere" 
       Ross Anderson, Cambridge University

Received on Fri Jan 15 18:30:26 1999

This message: [ Message body ]
Next message: Richard Guy Briggs: "Re: linux-ipsec: No output from gateway"
In reply to Henry Spencer: "Re: linux-ipsec: Configuration commands"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:29 EDT