From owner-freebsd-security Tue Feb 20 18:27:30 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-165-226-53.dsl.lsan03.pacbell.net [64.165.226.53]) by hub.freebsd.org (Postfix) with ESMTP id 87E5237B4EC; Tue, 20 Feb 2001 18:27:23 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 6F20966F2E; Tue, 20 Feb 2001 18:27:22 -0800 (PST) Date: Tue, 20 Feb 2001 18:27:22 -0800 From: Kris Kennaway To: lists Cc: Kris Kennaway , freebsd-security@freebsd.org Subject: Re: Encrypted networked filesystem needed Message-ID: <20010220182722.F41601@mollari.cthul.hu> References: <00aa01c07cbd$71209dc0$0c00a8c0@ipform.ru> <20010112174616.D23818@citusc.usc.edu> <20010220161423.A34880@mighty.grot.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="CXFpZVxO6m2Ol4tQ" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010220161423.A34880@mighty.grot.org>; from lists@lists.grot.org on Tue, Feb 20, 2001 at 04:14:23PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --CXFpZVxO6m2Ol4tQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 20, 2001 at 04:14:23PM -0800, lists wrote: > On Fri, Jan 12, 2001 at 05:46:16PM -0800, Kris Kennaway wrote: > > On Fri, Jan 12, 2001 at 08:22:58PM +0200, Roman Shterenzon wrote: > >=20 > > > If IPSec is supported on both sides, it is the best available solutio= n. > > > You'll get a completely transparent encryption and a powerful NFSv3 > > > server/client. Did I mention that FreeBSD rocks? > > > This way all network services will be secured and since the most of I= PSec > > > (AH/ESP) is done in the kernel mode, it'll be quite fast even on > > > moderate hardware. > >=20 > > Unfortunately I think there are some layering bugs with NFS + IPSEC on > > FreeBSD - I have had lots of NFS filesystem wedges when testing this. >=20 > Is there an open pr on this or has it been fixed/addressed in 4.2-STABLE? >=20 > I've been trying it and it has worked for 24+ hours without problems (alb= eit > very low NFS traffic) as long as I don't use racoon... If it works for you, great! :) It may indeed have been fixed, there have been a number of bug fixes in -stable since the last time I tried it. Kris --CXFpZVxO6m2Ol4tQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6kyeKWry0BWjoQKURAq6wAJwIKy6rsYSLDODcC4QE3vPQ++TyLACfUMGi NqlShSZ21sBmjIS+Gr9ULk4= =A+mI -----END PGP SIGNATURE----- --CXFpZVxO6m2Ol4tQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message