RE: IPSec questions...
You're absolutely correct.
Pardon for my short-sightnedness, this is a painless way of doing this
between, for example, two linux boxes. If you're considering IPSec with a
Windows machine or any devices mentioned below, I'd go with FreeS/WAN.
On Wed, 9 Jan 2002, VERBEEK, FRANCOIS wrote:
> Well what you propose here is not exactly IPSec. It's an encrypted way to communicate but not IPSec. Don't expect it to work with a Cisco router/VPN concentrator or a Win2K machine.
> FreeSwan is quite a good product, quite inter-operable with all paltforms I tested it with. (It's been a while now, but I can find you the info about how I did it if you'd like).
>
>
> -----Original Message-----
> From: Jussi Tawaststjerna [SMTP:jussi.tawaststjerna@jippiigroup.com]
> Sent: mercredi 9 janvier 2002 07:17
> To: Stefan Srdic
> Cc: debian-security@lists.debian.org
> Subject: Re: IPSec questions...
>
> Howdy,
>
> If you don't want to play with FreeS/WAN or CIPE or such, you could just
> rig an ssh connection and run PPP through it. This way you don't have to
> worry about patching kernels etc. (or at most, just compile PPP support
> in, as modules if you care about your uptime ;)
>
> http://www.linuxdoc.org/HOWTO/mini/VPN-4.html
>
> My friend's machine on the internet is also 192.168.2.1 on my intranet,
> and it works great. Whatever I feed this IP, goes thru the ssh tunnel,
> including packets that ssh will not forward normally (udp packets etc)
>
> My humble recommendation.
>
> On Tue, 8 Jan 2002, J C Lawrence wrote:
>
> > On Tue, 8 Jan 2002 10:37:10 -0700
> > Stefan Srdic <linuxbox@telusplanet.net> wrote:
> >
> > > I was curious about IPSec and had a few questions about it. Do
> > > you need more then one host on the network in order to use it?
> >
> > To do anything useful, yes.
> >
> > > Can it be implemented without patching the kernel?
> >
> > In the case of FreeS/WAN, no, you have to patch the kernel.
> >
> > > Does Debian support it?
> >
> > There is a FreeS/WAN package, and there is a FreeS/WAN kernel patch
> > package. I've not had success with the latter (I ended up hand
> > patching and building my own kernels). The base Debian FreeS/WAN
> > packages seem to work.
> >
> > --
> > J C Lawrence
> > ---------(*) Satan, oscillate my metallic sonatas.
> > claw@kanga.nu He lived as a devil, eh?
> > http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> >
>
> Jussi Tawaststjerna jussi.tawaststjerna@jippiigroup.com
> Senior Support Engineer (NOC) Annankatu 44 00100 Helsinki
> Jippii Group Oyj Phone +358 9 4243 0662
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Jussi Tawaststjerna jussi.tawaststjerna@jippiigroup.com
Senior Support Engineer (NOC) Annankatu 44 00100 Helsinki
Jippii Group Oyj Phone +358 9 4243 0662
Reply to: