From: lupe@lupe-christoph.de (Lupe Christoph)
To: Justin
Cc: freebsd-security@FreeBSD.ORG
Date: Sat, 14 Jun 2003 11:54:33 +0200
Subject: Re: Impossible to IPfilter this?

On Thursday, 2003-06-12 at 18:08:01 -0400, Justin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

> On Thu, 12 Jun 2003, Lupe Christoph wrote:

> > I've used ipsec0 on Linux for similar purposes, and I would like to see
> > an IPSec interface in FreeBSD as well. As I said, I could not get GIF to
> > work with FreeS/WAN, so I'm stuck with the current interface-deprived
> > IPSec implementation.

> We haven't gotten to the point of applying ipsec on the traffic between
> hosts yet (don't worry, only pings and ssh so far anyway) but a friend and
> I have a gif <-> iptun tunnel setup between a FreeBSD 4.8-RELEASE (plus
> patches) and a 2.4x kernel with FreeS/WAN. Works fine.

I'd appreciate seeing your config files for both sides. racoon.conf and
ipsec.conf.

> Seattle Wireless group had a handy little shell script that the guy at the
> Linux end based his commands off of. We'll see if problems arise when
> ipsec is applied to all traffic between the hosts, but I don't anticipate
> that will cause any problems.

> http://www.seattlewireless.net/index.cgi/IpTunnel

I'm afraid, this is talking about IPTunnel. IPTunnel does not do IPSec.
As I understand this, the traffic is not secured (authenticated,
encrypted). So you may not have the config files I asked for above at
all. Please recheck what you have.

Thank you,
Lupe Christoph
--
| lupe@lupe-christoph.de | http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze |
| "Thief of Time", Terry Pratchett |