Message-Id: <200002241512.HAA11289@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 3.4-RELEASE
To: Damien Tougas
Cc: David Pick , freebsd-security@FreeBSD.ORG
Subject: Re: SSH port forwarding
In-reply-to: Your message of "Thu, 24 Feb 2000 07:50:32 MST." <20000224075032.A4699@tougas.net>
Date: Thu, 24 Feb 2000 07:12:15 -0800

In message <20000224075032.A4699@tougas.net>, Damien Tougas writes:
> Thanks for your detailed diagram, that is great. I realized a while
> after I sent the question, that I was being brain dead, and did not
> fully grasp what was going on and was in fact not setting up my
> connection properly. Now that I have it set up correctly, it all
> makes sense to me now.
>
> This seems like an easy way to set up a VPN. The box is both doing
> NAT and the VPN, and hence makes it easy to use it as both an
> internet gateway as well as a VPN. I have heard this method referred
> to as a poor man's VPN, why? Are there better/more preferred
> methods of setting up a VPN? SKIP or IPSEC? Why would I want to
> use one of those instead? Would I need two boxes to achieve the same
> functionality?

You may want to try pipsecd in the ports collection. Also, 4.0 will
have KAME IPsec built into it. I've been using pipsecd since the
summer between FreeBSD and Linux boxes. It implements IPsec using the
BSD Tunnel Interface.

I've heard on this list that SKIP isn't that stable under FreeBSD. A
coworker of mine uses SKIP on a Sun. He tells me it's not much more
stable on Solaris either.

Regards,
Cy Schubert
Team Leader, Sun/DEC Team
UNIX Group, ITSD, ISTA
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert@uumail.gov.bc.ca

"COBOL IS A WASTE OF CARDS."