Re: AW: Firewall Planning

[daniel <daniel@debian-gnu.com>]

Jose Guzman wrote:
> Chavez, Bruce wrote:
>
> >  >If you want to go even further you can create a VPN over your wireless
> >  >network to ecrypt data.
> >
> > do you have as documentation or a link to this ???
>
> Check the freeswan project at  http://www.freeswan.org
>
>  There are debian packages for freeswan in woody, and work great, a 
> kernel patch is needed for 2.4.x. In 2.6.x ipsec support is built-in and 
> you don't need freeswan, but last time I checked, there was not much 
> documentation on ipsec over linux 2.6.
>
>  Ipsec in the windows world is a bit harder to get working, but is 
> possible, the easier way I hear is with pptp, which linux supports, 
> although it is regarded as a worse solution, security-wise.
>
>  There was info on how to get a win2k box talk ipsec here: 
> http://jixen.tripod.com/win2k-screen.html but it appears it's no longer 
> there, I made a copy of the site, which included screenshots and a 
> straightforward description of the trick, if you need it, I can put it 
> somewhere for download.
>
>
> have fun
>
>
>  José
>
> PS.
> please reply to the list

There is an ipsec howto on kernel 2.6.x at 
http://www.ipsec-howto.org/x237.html

I would suggest you start using this KAME TOOLS option (ipsec for 2.6.x) 
with kernel 2.4.22 source package from debian (which has 2.6 ipsec stuff 
in it), you have a stable kernel, you have latest ipsec method and you 
dont need freeswan wich probably will become obsolete when 2.6.x becomes 
stable.

Follow the howto of the url and youll have ipsec working in no time.

Hope this helps

--
-daniel
http://www.debian-gnu.com