From owner-freebsd-security Thu May 28 01:32:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA29588 for freebsd-security-outgoing; Thu, 28 May 1998 01:32:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from citadel.cdsec.com (citadel.cdsec.com [192.96.22.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA29541 for ; Thu, 28 May 1998 01:32:22 -0700 (PDT) (envelope-from ian@cdsec.com) Received: (from nobody@localhost) by citadel.cdsec.com (8.8.5/8.6.9) id KAA25274; Thu, 28 May 1998 10:38:53 +0200 (SAT) Received: by citadel via recvmail id 25231; Thu May 28 10:38:23 1998 From: Ian Cooper Message-Id: <199805280830.KAA24639@cdsec.com> Subject: Re: FreeBSD Tunneling To: freebsd@atipa.com (Atipa) Date: Thu, 28 May 1998 10:30:35 +0200 (SAT) Cc: freebsd-security@FreeBSD.ORG, opsys@mail.webspan.net In-Reply-To: from "Atipa" at May 27, 98 08:03:32 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk > > On Wed, 27 May 1998, Atipa wrote: > > > Well, I think those last bits to the FreeBSD code should be completed in > > South Africa, and distributed from there :) > > I second this! We're presently debugging and extending the WIDE IPSEC implementation to do tunnel mode, and this IS being done in South Africa :) The WIDE implementation, IMHO is a pretty clean one, and since it is inherently a FreeBSD implementation rather than a port, I'd suggest that it be considered as a strong candidate for the "official" implementation. We also have plans for an ISAKMP implementation. If others volunteer to do some of the non-crypto ISAKMP stuff, then we can do the crypto part and that would speed up the availability of isakmp. Ian > > > Jordan mentioned to me that Walnut Creek is in some sort of > > crypto-law-exempt region or something, and FreeBSD can use full-strength > > crypto. Jordan, care to explain? This would be a big loss to FreeBSD if > > this technology goes non-exportable! > > I was not aware of that hmm. > > > Well, if you help me figure it out, I'll write the docs. I'll wait for the > > FreeBSD port (no OpenBSD machines in use now, and I like FreeBSD better!), > > but I'd be happy to contribute. > > I was going to write a section in the handbook for SKIP once I got it > working but im quite convinced SKIP sucks, and while no one likes writing > doc's I have seen more documentation on "undocumented" kernel options > thatn SKIP. Im sure once its working it is probably nice, but I think the > implementation must be piss poor if so many people are finding it > impossible to get configured. > > > Agreed on both accounts. Keep in touch w/ me if you want testers, etc. > > I'd be happy to test it as well. > > Chris > > -- > "I don't do favors, I accumulate debts" > > ===================================| Open Systems Networking And Consulting. > FreeBSD 2.2.6 is available now! | Phone: 316-326-6800 > -----------------------------------| 1402 N. Washington, Wellington, KS-67152 > FreeBSD: The power to serve! | E-Mail: opsys@open-systems.net > http://www.freebsd.org | Consulting-Network Engineering-Security > ===================================| http://open-systems.net > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.6.2 > > mQENAzPemUsAAAEH/06iF0BU8pMtdLJrxp/lLk3vg9QJCHajsd25gYtR8X1Px1Te > gWU0C4EwMh4seDIgK9bzFmjjlZOEgS9zEgia28xDgeluQjuuMyUFJ58MzRlC2ONC > foYIZsFyIqdjEOCBdfhH5bmgB5/+L5bjDK6lNdqD8OAhtC4Xnc1UxAKq3oUgVD/Z > d5UJXU2xm+f08WwGZIUcbGcaonRC/6Z/5o8YpLVBpcFeLtKW5WwGhEMxl9WDZ3Kb > NZH6bx15WiB2Q/gZQib3ZXhe1xEgRP+p6BnvF364I/To9kMduHpJKU97PH3dU7Mv > CXk2NG3rtOgLTEwLyvtBPqLnbx35E0JnZc0k5YkABRO0JU9wZW4gU3lzdGVtcyA8 > b3BzeXNAb3Blbi1zeXN0ZW1zLm5ldD4= > =BBjp > -----END PGP PUBLIC KEY BLOCK----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > -- Ian Cooper (ian@cdsec.com) Tel: +27 21 23-6065 Citadel Data Security Fax: +27 21 24-3656 Citadel Firewall, Citadel VPN Router Unit 3, 46 Orange Street http://www.cdsec.com Cape Town, South Africa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message