On Fri, 2005-08-05 at 11:13, Aleksandar Milivojevic wrote:
Anyhow, the more I work with native Linux IPSec, the more it seems to me that the decision not to assign a virtual interface (like ipsec* or tun*, like some other VPN implementations do) to tunnels was a mistake (maybe the current way looks cleaner to a kernel developer, but the old way was way simpler to manage for a system administrator).
Can you fix this the way it is commonly done in routers? That is, configure a GRE tunnel as the end points to get a real-looking interface that you can route over, do multicast, etc., and then push the GRE packets through ipsec. I've wondered if this would work between a Linux box and a Cisco router but never had time to test it. (I have done GRE tunnels and multicast, just not the ipsec part).
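
The GRE-over-IPsec layout suggested above, sketched for one Linux endpoint as an added example (not from either poster, and not tested against a Cisco peer). The addresses, the `gre1` interface name and the helper function names are constructed placeholders; the script only prints the iproute2 commands and the `setkey` policy, and it assumes the ESP security associations are keyed separately (by an IKE daemon or by hand).

```shell
#!/bin/sh
# Added example: emit (not apply) a GRE-over-IPsec plan for one endpoint.
# Addresses and the interface name gre1 are constructed placeholders.

is_ipv4() {
    # Accept dotted quads only, so nothing else can reach a config line.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gre_ipsec_plan LOCAL REMOTE INNER_CIDR
#   LOCAL/REMOTE: public tunnel endpoints; INNER_CIDR: address on gre1.
gre_ipsec_plan() {
    local_ip=$1 remote_ip=$2 inner=$3
    for a in "$local_ip" "$remote_ip"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    cat <<EOF
# --- iproute2: a real interface to route and run multicast over ---
ip tunnel add gre1 mode gre local $local_ip remote $remote_ip ttl 64
ip addr add $inner dev gre1
ip link set gre1 up multicast on
# --- setkey -f: protect only GRE (IP protocol 47) between the endpoints ---
# Transport mode is enough: GRE already supplies the outer IP header.
# "require" drops GRE packets when no SA exists instead of sending in clear.
spdadd $local_ip $remote_ip gre -P out ipsec esp/transport//require;
spdadd $remote_ip $local_ip gre -P in ipsec esp/transport//require;
EOF
}

# Constructed sample: this host 192.0.2.1, peer 198.51.100.1.
gre_ipsec_plan 192.0.2.1 198.51.100.1 10.255.0.1/30
```

With this layout the routing table decides what is encrypted: anything routed via `gre1` becomes a GRE packet between the two endpoints and matches the policy, so no per-subnet IPsec policies are needed.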