IMPLEMENTATION - OpenGrok cross reference for /freebsd/share/doc/IPv6/IMPLEMENTATION

Lines Matching full:tunnel
26 	1.5 Generic tunnel interface
77 	4.8 Operations with IPsec tunnel mode
78 	4.8.1 RFC2401 IPsec tunnel mode approach
170     * "gif" interface implements IPv[46]-over-IPv[46] tunnel in a generic way,
171       and it covers "configured tunnel" described in the spec.
228     * KAME does not implement RFC1933/2893 automatic tunnel.
350 (NUD) on p2p interfaces, including tunnel interfaces (gif).  NUD is
687 Interfaces that has no IEEE802 address (pseudo interfaces like tunnel
786 1.5 Generic tunnel interface
788 GIF (Generic InterFace) is a pseudo interface for configured tunnel.
805 If you would like to configure an IPv4-in-IPv6 tunnel with gif interface,
1814 In IKE spec, there's ambiguity about interpretation of "tunnel" proposal.
1817 some implementation proposes it as "AH transport and ESP tunnel", since
1819 implementation proposes it as "AH tunnel and ESP tunnel".
1850 Tunnel mode works basically fine, but comes with the following restrictions:
1851 - You cannot run routing daemon across IPsec tunnel, since we do not model
1852   IPsec tunnel as pseudo interfaces.
1853 - Authentication model for AH tunnel must be revisited.  We'll need to
1855 - Path MTU discovery does not work across IPv6 IPsec tunnel gateway due to
1917 - Tunnel mode IPComp is not working right.  KAME box can generate tunnelled
1985 KAME IPsec implements ECN-friendly IPsec tunnel, described in
1987 Normal IPsec tunnel is described in RFC2401.  On encapsulation,
1993 To make IPsec tunnel ECN-friendly, we should modify encapsulation
1997 KAME IPsec tunnel implementation can give you three behaviors, by setting
2023 - if both IPsec tunnel endpoint are capable of ECN-friendly behavior,
2075 4.8 Operations with IPsec tunnel mode
2077 First of all, IPsec tunnel is a very hairy thing.  It seems to do a neat thing
2081 RFC2401 defines IPsec tunnel mode, within the context of IPsec.  RFC2401
2082 defines tunnel mode packet encapsulation/decapsulation on its own, and
2085 IPsec tunnel mode as filters - not as pseudo interfaces.
2087 There are some people who are trying to separate IPsec "tunnel mode" from
2092 transport mode SAs, instead of tunnel mode SAs.  Therefore, we cannot
2098 - RFC2401 IPsec tunnel mode approach (4.8.1)
2104 RFC2401 IPsec tunnel mode (filter-like) approach
2113 		IPsec tunnel pseudo devices
2119 	CON: cannot negotiate IKE with other IPsec tunnel-mode devices
2132 4.8.1 RFC2401 IPsec tunnel mode approach
2134 To configure your device as RFC2401 IPsec tunnel mode endpoint, you will
2135 use "tunnel" keyword in setkey(8) "spdadd" directives.  Let us assume the
2149 	spdadd A B any -P out ipsec esp/tunnel/C-D/use;
2150 	spdadd B A any -P in ipsec esp/tunnel/D-C/use;
2167 - When you want to run routing protocols on top of the IPsec tunnel, it is
2168   not possible.  As there is no pseudo device that identifies the IPsec tunnel,
2174 With this approach, you will configure gif(4) tunnel interfaces, as well as
2187 We can also exchange routing information over the tunnel (gif0), as the tunnel
2194 negotiating IPsec transport-mode SAs with the other end, not tunnel-mode SAs.