Date: 6 May 1999 23:40:30 -0000 From: mark thompson <thompson@squirrel.tgsoft.com> To: pb@fasterix.freenix.org Cc: freebsd-security@freebsd.org Subject: tunip: a quick review (was: VPN) Message-ID: <19990506234030.11430.qmail@squirrel.tgsoft.com>
next in thread | raw e-mail | index | archive | help
On Fri, 30 Apr 1999 23:30:59 +0200 Pierre Beyssac was overheard saying: BTW, as there seems to be a lot of interest in VPNs currently, and I had a need for something that could run between my FreeBSD box and a Linux box, I've written a small usermode IPSEC-compliant tunnel when I became tired of the impressive number of non-compatible hacks based on PPP, ssh, TCP, PPTP, you name it, while IPSEC clearly will sweep all of this. It's more of a proof-of-concept code for the moment (only fixed keys: it lacks key negociation stuff), and it can't beat a kernel implementation for performance, but it's easier to install, easier to port to other systems (you only need some kind of a "tun" device), easier to debug, easier to add weird crypto algorithms, easier to export (the crypto is from the OpenSSL library), and last but not least easier to distribute as a package external to the core OS. I'm happily running it between several FreeBSD and Linux boxes to setup tunnels to friends through my cable modem. If anyone is interested, it can be found here. WARNING: it's really experimental and the documentation is lacking, don't even bother if you don't know how to setup a point to point link or how to add the tun device to your kernel. http://www.enst.fr/~beyssac/tunip.tar.gz I have tried several different IPSec packages. Mostly, they just made my machine unstable. This one is *simple* and *effective*. It worked for me out of the box (FreeBSD 2.7 and 3.1). I suggest making a port of it... Despite the disclaimers above about limited function, the only real problem in terms of setting it up and using it day-to-day is an acute lack of documentation. Try it! -mark -- "The American people will never knowingly adopt Socialism, but under the name of Liberalism, they will adopt every fragment of the Socialist program until one day America will be a Socialist nation without knowing how it happened" Norman Thomas - Socialist Party Presidential candidate -mark <thompson@tgsoft.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990506234030.11430.qmail>