Date:      Thu, 24 Jan 2002 13:05:33 -0600
From:      Eric Anderson <anderson@centtech.com>
To:        dr3node <dr3node@danceonfire.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Can't set up an IPsec tunnel.
Message-ID:  <3C505AFD.52FF9ADE@centtech.com>
References:  <200201241847.AHX10883@vmms1.verisignmail.com> <3C50588C.7200324B@centtech.com> <200201241900.AHX11812@vmms1.verisignmail.com>

As far as I know, no, because that would be like a "man in the middle" attack (I
think).  Like this:

A <--- B ---> C

If A is talking to C via IPSEC, A tells C its IP (the true IP) and C tells A
its IP (its true IP, behind the masqueraded host), but A sees C as B's IP
address.  How does it know that C knows that B exists?  Maybe there is a way to
forward or tunnel certain protocols through the Linux box, but this doesn't
sound like a good idea to me.  You could always use the old crusty SSH tunneling
VPNs.. :)

Eric

P.S. - Don't ask how to do it with SSH.  It's been too long.


dr3node wrote:
> 
> On Thursday 24 January 2002 21:55, you wrote:
> > IPSEC won't work through masquerading boxes or NAT firewalls.
> >
> > Eric
> 
> Is there any way to cheat?
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
------------------------------------------------------------------
Eric Anderson	 anderson@centtech.com    Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------
