From owner-freebsd-security Tue Feb 20 16:14:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from mighty.grot.org (mighty.grot.org [216.15.97.5]) by hub.freebsd.org (Postfix) with ESMTP id 57F5237B4EC; Tue, 20 Feb 2001 16:14:24 -0800 (PST) (envelope-from lists@grot.org) Received: by mighty.grot.org (Postfix, from userid 998) id 899FB5DCB; Tue, 20 Feb 2001 16:14:23 -0800 (PST) Date: Tue, 20 Feb 2001 16:14:23 -0800 From: lists To: Kris Kennaway Cc: freebsd-security@freebsd.org Subject: Re: Encrypted networked filesystem needed Message-ID: <20010220161423.A34880@mighty.grot.org> Reply-To: lists@lists.grot.org References: <00aa01c07cbd$71209dc0$0c00a8c0@ipform.ru> <20010112174616.D23818@citusc.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010112174616.D23818@citusc.usc.edu>; from kris@FreeBSD.ORG on Fri, Jan 12, 2001 at 05:46:16PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Jan 12, 2001 at 05:46:16PM -0800, Kris Kennaway wrote: > On Fri, Jan 12, 2001 at 08:22:58PM +0200, Roman Shterenzon wrote: > > > If IPSec is supported on both sides, it is the best available solution. > > You'll get a completely transparent encryption and a powerful NFSv3 > > server/client. Did I mention that FreeBSD rocks? > > This way all network services will be secured and since the most of IPSec > > (AH/ESP) is done in the kernel mode, it'll be quite fast even on > > moderate hardware. > > Unfortunately I think there are some layering bugs with NFS + IPSEC on > FreeBSD - I have had lots of NFS filesystem wedges when testing this. Is there an open pr on this or has it been fixed/addressed in 4.2-STABLE? I've been trying it and it has worked for 24+ hours without problems (albeit very low NFS traffic) as long as I don't use racoon... Thanks, Adi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message