From owner-freebsd-security Wed Oct 11 10:21:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28]) by hub.freebsd.org (Postfix) with ESMTP id C202A37B502 for ; Wed, 11 Oct 2000 10:21:09 -0700 (PDT) Received: from x86nts4 - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC; Wed, 11 Oct 2000 10:20:14 -0700 Message-ID: <00cc01c033a8$a9c70a50$fd01a8c0@pacbell.net> From: "John Howie" To: , "Mike Thompson" References: <4.3.2.7.2.20001008220611.085d2f00@mail.atomz.com> Subject: Re: Encrypted IP tunneling solution Date: Wed, 11 Oct 2000 10:28:24 -0700 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ----- Original Message ----- From: "Mike Thompson" To: Sent: Sunday, October 08, 2000 10:56 PM Subject: Encrypted IP tunneling solution > I've created a fairly simple little application called stun that > essentially combines the functionality of nos-tun with SSH. Stun does for > IP tunneling what sftp does for FTP -- it makes it trivial to set up the > highly secure tunneling of raw IP packets between any two FreeBSD systems > that have SSH and tunneling devices (/dev/tunXX) enabled. [stuff deleted] > BTW, my ultimate goal behind this little application is to get it working > with Windows clients running SSH protocols where it can serve as a very > simple, but secure VPN solution. As one might expect, it has proven to be > much easier to write the FreeBSD/Unix side of things than the Windows side > where a virtual NDIS VxD driver or some similar beast will have to be > implemented. Actually, it might not be as hard as you think. I wrote an IP tunnelling interface for an X.25 (remember that?) card for SunOS 4.X and ported a large chunk of it to Windows NT 3.1 way back. The way I wrote it was to have the tunnelling code running in user space and have that access the dummy interface in the kernel. Sure it was slower than a pure kernel solution but back then the graphics was all in user space too. I might have some free time coming up so let me know if you need help. I'll see if I can find the code. > Mike Thompson > mike@atomz.com > CTO/Co-Founder Atomz.com john... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message