From owner-freebsd-stable@FreeBSD.ORG Mon Dec 3 21:14:22 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8FFE816A417 for ; Mon, 3 Dec 2007 21:14:22 +0000 (UTC) (envelope-from phil@amdg.etowns.org) Received: from omta05sl.mx.bigpond.com (omta05sl.mx.bigpond.com [144.140.93.195]) by mx1.freebsd.org (Postfix) with ESMTP id 2C0EA13C4CE for ; Mon, 3 Dec 2007 21:14:21 +0000 (UTC) (envelope-from phil@amdg.etowns.org) Received: from oaamta03sl.mx.bigpond.com ([58.172.113.127]) by omta05sl.mx.bigpond.com with ESMTP id <20071203211420.GKLP14987.omta05sl.mx.bigpond.com@oaamta03sl.mx.bigpond.com> for ; Mon, 3 Dec 2007 21:14:20 +0000 Received: from heuristicsystems.com.au ([58.172.113.127]) by oaamta03sl.mx.bigpond.com with ESMTP id <20071203211416.CKSR12231.oaamta03sl.mx.bigpond.com@heuristicsystems.com.au> for ; Mon, 3 Dec 2007 21:14:16 +0000 Received: from black (black.hs [10.0.5.1]) (authenticated bits=0) by heuristicsystems.com.au (8.13.6/8.13.6) with ESMTP id lB3LF97N079320 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Tue, 4 Dec 2007 08:15:11 +1100 (EST) (envelope-from phil@amdg.etowns.org) From: "Dewayne Geraghty" To: References: <45B7689C.2060209@vwsoft.com> <023801c83548$aac34320$0205000a@white> <47541532.7010300@jellydonut.org> Date: Tue, 4 Dec 2007 08:14:25 +1100 Message-ID: <00c401c835f1$7c6a2260$0105000a@black> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 In-Reply-To: <47541532.7010300@jellydonut.org> Thread-Index: Acg1un+KTh0n+WdzS7iANPoN4gZM9wANYMHg Subject: RE: IPSEC + Via Padlock + racoon + Windows X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Dec 2007 21:14:22 -0000 My apologies for the confusion, yes, the C7 only helps with AES. The configuration detail is: between branch offices I use FreeBSD ipsec (AES), and within the branches Windows boxes access the firewall boxes. The "firewalls" run samba inside a jail. Due to sensitive information (see your local Privacy legislation), we also need to encrypt the information between samba jail and the PC-WXP devices. Hence the need to use ipsec-AES on the WAN and ipsec-3des on the LAN (as 3des is the best option selectable for WXP). Regards, Dewayne.