From owner-freebsd-security@FreeBSD.ORG Thu Jun 12 15:00:52 2003
Date: Thu, 12 Jun 2003 18:08:01 -0400 (EDT)
From: Justin
To: Lupe Christoph
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Impossible to IPfilter this?
Message-ID: <20030612180120.B54558@ike.othius.com>
In-Reply-To: <20030612184124.GD26930@lupe-christoph.de>
References: <20030607111540.GC4812@lupe-christoph.de> <20030612132138.A26888@shell.gsinet.sittig.org> <20030612184124.GD26930@lupe-christoph.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 12 Jun 2003, Lupe Christoph wrote:

> I've used ipsec0 on Linux for similar purposes, and I would like to see
> an IPSec interface in FreeBSD as well. As I said, I could not get GIF to
> work with FreeS/WAN, so I'm stuck with the current interface-deprived
> IPSec implementation.

We haven't gotten to the point of applying ipsec on the traffic between
hosts yet (don't worry, only pings and ssh so far anyway) but a friend
and I have a gif <-> iptun tunnel setup between a FreeBSD 4.8-RELEASE
(plus patches) and a 2.4x kernel with FreeS/WAN. Works fine.

Seattle Wireless group had a handy little shell script that the guy at
the Linux end based his commands off of. We'll see if problems arise
when ipsec is applied to all traffic between the hosts, but I don't
anticipate that will cause any problems.

http://www.seattlewireless.net/index.cgi/IpTunnel

- -Justin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE+6PnGdYQBw9Ox1VgRAvTpAJ4nJjrUry6AHdzvwTS5/02WyE9FYACgjDFS
GhzSLreKf8i5Ye9TiU5slQY=
=jsO1
-----END PGP SIGNATURE-----