From owner-freebsd-net  Tue Jun 20 17:53:45 2000
Delivered-To: freebsd-net@freebsd.org
Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69])
	by hub.freebsd.org (Postfix) with ESMTP id B6E8A37B53A
	for <freebsd-net@FreeBSD.ORG>; Tue, 20 Jun 2000 17:53:33 -0700 (PDT)
	(envelope-from jan@caustic.org)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.10.0/ignatz) with ESMTP id e5L0rbg28847;
	Tue, 20 Jun 2000 17:53:37 -0700 (PDT)
Date: Tue, 20 Jun 2000 17:53:36 -0700 (PDT)
From: "f.johan.beisser" <jan@caustic.org>
To: Nick Rogness <nick@rapidnet.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Encrypted tunnel
In-Reply-To: <Pine.BSF.4.21.0006201337050.87385-100000@rapidnet.com>
Message-ID: <Pine.BSF.4.21.0006201749260.26934-100000@pogo.caustic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


weee fun!

On Tue, 20 Jun 2000, Nick Rogness wrote:

> 
> 
> Hello ya'll!
> 
> Question #1:
> 
> I have several tunnels (IPv4 -> IPv4) setup on several machines
> using nos style tunnels (nos-tun(8)).  What are my options to add
> encryption to the existing framework?

option #1 seems to be ssh tunnels, via ppp through your existing tunnel.

option #2 may be a replacement of the existing tunnels with IPSec (see
below).

> Question #2:
> 
> Can someone point me to a website or give me some info on the IPSEC
> feature within the kernel.  WHat does that allow me to do?  I know how
> IPSEC works conceptually, how would I implement it's features?

i'd suggest reading the RFC off of faqs.org, it's RFC 2401 (at least,
that's the version i've been reading as a base reference). other places to
look are www.kame.net (the KAME project), and in the freebsd source code
itself.


hope this helps a little bit.

another resource i've found helpful, is netbsd's site on IPSec, which was
(IMHO) decidedly better than freebsd's (i've not looked recently).

-- jan


 +-----/  f. johan beisser  /------------------------------+
  email: jan[at]caustic.org   web: http://www.caustic.org/~jan 
   "knowledge is power. power corrupts. study hard, be evil."



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message