Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 24 Feb 2000 07:12:15 -0800
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        Damien Tougas <damien@tougas.net>
Cc:        David Pick <D.M.Pick@qmw.ac.uk>, freebsd-security@FreeBSD.ORG
Subject:   Re: SSH port forwarding 
Message-ID:  <200002241512.HAA11289@cwsys.cwsent.com>
In-Reply-To: Your message of "Thu, 24 Feb 2000 07:50:32 MST." <20000224075032.A4699@tougas.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <20000224075032.A4699@tougas.net>, Damien Tougas writes:
> Thanks for your detailed diagram, that is great. I realized a while
> after I sent the question, that I was being brain dead, and did not
> fully grasp what was going on and was in fact not setting up my
> connection properly. Now that I have it set it up correctly, it all
> makes sense to me now.
> 
> This seems like an easy way to set up a VPN. The box is both doing
> NAT and the VPN, and hence makes it easy to use it as both an
> internet gateway as well as a VPN. I have heard this method referred
> to as a poor man's VPN, why? Are there better/more preferred
> methods of setting up a VPN? SKIP or IPSEC? Why would I want to
> use one of those instead? Would I need two boxes to achieve the same
> functionality?

You may want to try pipsecd in the ports collection.  Also, 4.0 will 
have KAME IPsec built into it.

I've been using pipsecd since the summer between FreeBSD and Linux 
boxes.  It implements IPsec using the BSD Tunnel Interface.

I've heard on this list that SKIP isn't that stable under FreeBSD.  A 
coworker of mine uses SKIP on a Sun.  He tells me it's not much more 
stable on Solaris either.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@uumail.gov.bc.ca
UNIX Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002241512.HAA11289>