Re: Setting up VPN's
On Fri, 16 May 2003, Noah Meyerhans wrote:
> Sure, but Herbert's patch is intended to work with both KLIPS (freeswan)
> and Linux 2.5+, so assuming the Debian freeswan maintainer elects to
> apply it once it's stabilized, one should have no problems using the
> freeswan userland tools on Debian no matter which kernel they're using.
Beautiful! Which means I will not have to learn the syntax of different
userland tools and be able to keep using my existing (working)
configurations.
> I don't think it's possible to *need* opportunistic encryption. By its
> very nature it's unreliable. You have no guarantee that you've got an
> IPsec session with a given host, so you really can't rely on
> opportunistic encryption to provide you with any security.
I was a bit scared by the first reactions on the freeswan list, but I
think freeswan 2.0 tries to assess this, introducing "policies", i.e. you
can specify that IPSec is required, optional or unwanted for specific
hosts/networks. This should give you the possibility to only accept some
connections if IPSec is active. Perhaps I will let you know how it works
after I have the possibility to test it on a non-critical machine (I can't
right now).
Cheers
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________