Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Apr 2000 10:56:32 +0200
From:      "Josef Pojsl" <josef.pojsl@skynet.cz>
To:        tom <tomb@cgf.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: IPSec implementation's question
Message-ID:  <20000410105632.A55528@regent.in.skynet.cz>
In-Reply-To: <38EB2B30.79A7105E@cgf.net>; from tomb@cgf.net on Wed, Apr 05, 2000 at 12:01:52PM %2B0000
References:  <38EB2B30.79A7105E@cgf.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Apr 05, 2000 at 12:01:52PM +0000, tom wrote:
> Hi,
> 
> I'm not sure if this is the right place to ask, but..
> 
> I'm trying for the first time to build IPSec from 4.0-Release.  There
> seem to me, a multitude of different ways to do this and I feel a bit
> lost as to which way to go (Is there and official way?).    I've seem
> the KAME  stuff and found an whole load of different resources, all
> witha slightly different approach.
> 
> If anyone has any strong opinions about the good/bad/ugly methods I'd
> love to hear them.
> 
> Tom

Tom,

sorry for answering that late. I don't know what you mean by
different methods of building IPsec. You have only 1 method for
building the FreeBSD kernel with IPSec: just specify options
IPSEC and IPSEC_ESP in your kernel configuration file and build
a new kernel.

If your concern is about IPSec configuration, then it is far more
complicated as there really are many ways of using IPSec.
The three mainly used examples include:
1 machine against 1 machine - look for transport mode
1 machine against a network - look for tunnel mode
a network against another network - tunnel mode again

Look at examples of racoon configuration, do a "man racoon",
"man racoon.conf" and "man setkey".

You can also post your questions to snap-users@kame.net mailing list.

Hope this helps,
Josef

-- 
Josef Pojsl                           mailto:josef.pojsl@skynet.cz
SkyNet, a.s.                                      Network Security
Czech Republic                               http://www.skynet.cz/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000410105632.A55528>