From owner-freebsd-security Fri Jan 7 7:41: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from proxy4.ba.best.com (proxy4.ba.best.com [206.184.139.15]) by hub.freebsd.org (Postfix) with ESMTP id 641721522B for ; Fri, 7 Jan 2000 07:41:01 -0800 (PST) (envelope-from GregoryC@stcinc.com) Received: from stcinc.com (gw-covad768k-cognitivetech.ncal.verio.com [207.20.238.29] (may be forged)) by proxy4.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id HAA24385 for ; Fri, 7 Jan 2000 07:39:31 -0800 (PST) Message-ID: <38760B2F.1044E20D@stcinc.com> Date: Fri, 07 Jan 2000 07:50:07 -0800 From: Gregory Carvalho Reply-To: GregoryC@stcinc.com Organization: Simplified Technology Company X-Mailer: Mozilla 4.51 [en] (X11; I; FreeBSD 3.2-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: FreeBSD-Security@freebsd.org Subject: Configuration Validation Request Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have a scenario which requires IPSec, but the packets must transgress a Microsoft Windows NT 4.0 Server running PPTP. I would like to use the Kame IPSec package on FreeBSD 3.3R as in the diagram below. I envision the sequence being Farside's PoPToP establishing a connection with OutOfMyHands's PPTP, then IPSec riding that tunnel and cruising right past OutOfMyHands to ServerSide's IPSec. Please comment on the validity of this configuration. ------------------- /\ ------------------- | FreeBSD 3.3R | / \ | WinNT4S | | Name: FarSide | / \ | Name: OutOfMyHands| | IPSec (Kame) | \Inet/ | MS Proxy | | PoPToP |____\__/____| PPTP |__ ------------------- \/ ------------------- | | | ------------------- | | FreeBSD 3.3R | | | Name: ServerSide | | | | | | IPSec |__| ------------------- -- Cordially, Gregory Carvalho GregoryC@stcinc.com Simplified Technology Company http://www.stcinc.com In God I Trust! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message