[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: IPSec questions...

Well what you propose here is not exactly IPSec. It's an encrypted way to communicate but not IPSec. Don't expect it to work with a Cisco router/VPN concentrator or a Win2K machine.
FreeSwan is quite a good product, quite inter-operable with all paltforms I tested it with. (It's been a while now, but I can find you the info about how I did it if you'd like).


	-----Original Message-----
	From:	Jussi Tawaststjerna [SMTP:jussi.tawaststjerna@jippiigroup.com]
	Sent:	mercredi 9 janvier 2002 07:17
	To:	Stefan Srdic
	Cc:	debian-security@lists.debian.org
	Subject:	Re: IPSec questions... 

	Howdy,

	If you don't want to play with FreeS/WAN or CIPE or such, you could just
	rig an ssh connection and run PPP through it. This way you don't have to
	worry about patching kernels etc. (or at most, just compile PPP support
	in, as modules if you care about your uptime ;)

	http://www.linuxdoc.org/HOWTO/mini/VPN-4.html

	My friend's machine on the internet is also 192.168.2.1 on my intranet,
	and it works great. Whatever I feed this IP, goes thru the ssh tunnel,
	including packets that ssh will not forward normally (udp packets etc)

	My humble recommendation.

	On Tue, 8 Jan 2002, J C Lawrence wrote:

	> On Tue, 8 Jan 2002 10:37:10 -0700
	> Stefan Srdic <linuxbox@telusplanet.net> wrote:
	>
	> > I was curious about IPSec and had a few questions about it.  Do
	> > you need more then one host on the network in order to use it?
	>
	> To do anything useful, yes.
	>
	> > Can it be implemented without patching the kernel?
	>
	> In the case of FreeS/WAN, no, you have to patch the kernel.
	>
	> > Does Debian support it?
	>
	> There is a FreeS/WAN package, and there is a FreeS/WAN kernel patch
	> package.  I've not had success with the latter (I ended up hand
	> patching and building my own kernels).  The base Debian FreeS/WAN
	> packages seem to work.
	>
	> --
	> J C Lawrence
	> ---------(*)                Satan, oscillate my metallic sonatas.
	> claw@kanga.nu               He lived as a devil, eh?
	> http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
	>
	>
	> --
	> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
	> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
	>
	>

	     Jussi Tawaststjerna            jussi.tawaststjerna@jippiigroup.com
	     Senior Support Engineer (NOC)      Annankatu 44 00100 Helsinki
	     Jippii Group Oyj                      Phone +358 9 4243 0662



	-- 
	To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
	with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: