[ previous ] [ next ] [ threads ]
 
 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC Site-to-site VPN firewall
 Date:  Thu, 27 Jan 2005 16:36:09 +0100 
-------- Message original --------

  > I know there is a way (according to the FreeBSD handbook) to put all
> this IPSEC traffic through a virtual network interface (gif0, gif1,
> etc).  Similar to how the PPTP server works with the ng0, ng1
> interfaces.  If this was how things were done then traffic could
> easily be filtered.
> 

Yes, having the IPsec traffic bound to a virtual interface would help a 
lot. But I don't know if the gifconfig stuff is available on FreeBSD 
4.xx (on which m0n0wall is based)...

-- Vincent