From owner-freebsd-security Tue Apr 11 0: 9:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from castelan.in.skynet.cz (gate.in.skynet.cz [193.165.192.32])
	by hub.freebsd.org (Postfix) with SMTP id 7A68F37BD87
	for ; Tue, 11 Apr 2000 00:09:18 -0700 (PDT)
	(envelope-from josef.pojsl@skynet.cz)
Received: (qmail 18561 invoked from network); 10 Apr 2000 08:56:33 -0000
Received: from regent.in.skynet.cz (192.168.192.14)
	by hub.freebsd.org with SMTP; 10 Apr 2000 08:56:33 -0000
Received: (qmail 55692 invoked by uid 1000); 10 Apr 2000 08:56:32 -0000
From: "Josef Pojsl"
Date: Mon, 10 Apr 2000 10:56:32 +0200
To: tom
Cc: freebsd-security@freebsd.org
Subject: Re: IPSec implementation's question
Message-ID: <20000410105632.A55528@regent.in.skynet.cz>
Mail-Followup-To: tom , freebsd-security@freebsd.org
References: <38EB2B30.79A7105E@cgf.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.1.1i
In-Reply-To: <38EB2B30.79A7105E@cgf.net>; from tomb@cgf.net on Wed, Apr 05, 2000 at 12:01:52PM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Apr 05, 2000 at 12:01:52PM +0000, tom wrote:
> Hi,
>
> I'm not sure if this is the right place to ask, but..
>
> I'm trying for the first time to build IPSec from 4.0-Release. There
> seem to me, a multitude of different ways to do this and I feel a bit
> lost as to which way to go (Is there an official way?). I've seen
> the KAME stuff and found a whole load of different resources, all
> with a slightly different approach.
>
> If anyone has any strong opinions about the good/bad/ugly methods I'd
> love to hear them.
>
> Tom

Tom,

sorry for answering that late. I don't know what you mean by different
methods of building IPsec. You have only 1 method for building the FreeBSD
kernel with IPSec: just specify options IPSEC and IPSEC_ESP in your kernel
configuration file and build a new kernel.

If your concern is about IPSec configuration, then it is far more
complicated as there really are many ways of using IPSec. The three
mainly used examples include:

  1 machine against 1 machine - look for transport mode
  1 machine against a network - look for tunnel mode
  a network against another network - tunnel mode again

Look at examples of racoon configuration, do a "man racoon",
"man racoon.conf" and "man setkey". You can also post your questions
to snap-users@kame.net mailing list.

Hope this helps,
Josef

-- 
Josef Pojsl  mailto:josef.pojsl@skynet.cz
SkyNet, a.s.  Network Security
Czech Republic  http://www.skynet.cz/
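
The three cases named in the reply above, written as setkey(8) security policy entries. This is an added example, not part of the original message. Every address is a constructed placeholder, each case shows only the local end's policies (the peer needs the mirrored pair), and a real host would load just one case.

```conf
# ipsec.conf: constructed example, load with "setkey -f ipsec.conf".
# Needs a kernel built with "options IPSEC" and "options IPSEC_ESP".
# Level "require" makes the kernel ask the IKE daemon (racoon) for an SA
# when none exists; without an SA, matching traffic is not sent in clear.

flush;      # clear the SA database
spdflush;   # clear the policy database

# Case 1: one machine against one machine (transport mode).
# Local host 192.0.2.10, peer host 198.51.100.20.
spdadd 192.0.2.10 198.51.100.20 any -P out ipsec esp/transport//require;
spdadd 198.51.100.20 192.0.2.10 any -P in  ipsec esp/transport//require;

# Case 2: one machine against a network (tunnel mode).
# Local host 192.0.2.10 reaches 10.2.0.0/24 behind gateway 198.51.100.1.
spdadd 192.0.2.10 10.2.0.0/24 any -P out ipsec
	esp/tunnel/192.0.2.10-198.51.100.1/require;
spdadd 10.2.0.0/24 192.0.2.10 any -P in ipsec
	esp/tunnel/198.51.100.1-192.0.2.10/require;

# Case 3: a network against another network (tunnel mode again).
# This file is on gateway 192.0.2.1 in front of 10.1.0.0/24; the remote
# gateway 198.51.100.1 is in front of 10.2.0.0/24.
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec
	esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec
	esp/tunnel/198.51.100.1-192.0.2.1/require;
```

After loading, "setkey -DP" dumps the installed policies so the direction and tunnel endpoints of each entry can be checked before racoon is started.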