From owner-freebsd-security  Mon Feb 11 18:27:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from newman2.bestweb.net (newman2.bestweb.net [209.94.102.67])
	by hub.freebsd.org (Postfix) with ESMTP id 159E237B4AA
	for <security@FreeBSD.ORG>; Mon, 11 Feb 2002 18:17:36 -0800 (PST)
Received: from okeeffe.bestweb.net (okeefe.bestweb.net [209.94.100.110])
	by newman2.bestweb.net (Postfix) with ESMTP
	id 6E002232FC; Mon, 11 Feb 2002 21:17:06 -0500 (EST)
Received: by okeeffe.bestweb.net (Postfix, from userid 0)
	id E56E99F11B; Mon, 11 Feb 2002 21:12:05 -0500 (EST)
From: David Gilbert <dgilbert@velocet.ca>
Date: Fri, 8 Feb 2002 11:02:41 -0500
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: "James F. Hranicky" <jfh@cise.ufl.edu>, security@FreeBSD.ORG
Subject: [security] Questions (Rants?) About IPSEC
Message-Id: <20020212021205.E56E99F11B@okeeffe.bestweb.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>>>>> "Garrett" == Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes:

Garrett> <<On Thu, 07 Feb 2002 11:33:47 -0500, "James F. Hranicky"
Garrett> <jfh@cise.ufl.edu> said:
>> After reading up on IPSEC, I have one major question: Is it really
>> a good protocol?

Garrett> No, but it's the best one we've got.

I've been keen on IPSec for some time ... I've even had it running
between selections of hosts, but I havn't been able to set up two
scenarios that would make it actually useful to me:

1) Wireless DHCP laptop <-- tunnel mode --> gatewaybox

2) Home box on Cable Modem (DHCP) <-- tunnel mode --> office

The basic blocking point is that none of the HOWTO's written on the
subject say anything about dynamic clients.  I would really like to
see a HOWTO (from someone working on this stuff) that assumes the
client is roaming.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message