Date: Thu, 24 Feb 2000 07:12:15 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Damien Tougas <damien@tougas.net> Cc: David Pick <D.M.Pick@qmw.ac.uk>, freebsd-security@FreeBSD.ORG Subject: Re: SSH port forwarding Message-ID: <200002241512.HAA11289@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 24 Feb 2000 07:50:32 MST." <20000224075032.A4699@tougas.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20000224075032.A4699@tougas.net>, Damien Tougas writes: > Thanks for your detailed diagram, that is great. I realized a while > after I sent the question, that I was being brain dead, and did not > fully grasp what was going on and was in fact not setting up my > connection properly. Now that I have it set it up correctly, it all > makes sense to me now. > > This seems like an easy way to set up a VPN. The box is both doing > NAT and the VPN, and hence makes it easy to use it as both an > internet gateway as well as a VPN. I have heard this method referred > to as a poor man's VPN, why? Are there better/more preferred > methods of setting up a VPN? SKIP or IPSEC? Why would I want to > use one of those instead? Would I need two boxes to achieve the same > functionality? You may want to try pipsecd in the ports collection. Also, 4.0 will have KAME IPsec built into it. I've been using pipsecd since the summer between FreeBSD and Linux boxes. It implements IPsec using the BSD Tunnel Interface. I've heard on this list that SKIP isn't that stable under FreeBSD. A coworker of mine uses SKIP on a Sun. He tells me it's not much more stable on Solaris either. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@uumail.gov.bc.ca UNIX Group, ITSD, ISTA Province of BC "COBOL IS A WASTE OF CARDS." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002241512.HAA11289>