From owner-freebsd-security  Fri Feb  8  8: 2:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from spitfire.velocet.net (spitfire.velocet.net [216.138.223.227])
	by hub.freebsd.org (Postfix) with ESMTP id B740837B404
	for <security@FreeBSD.ORG>; Fri,  8 Feb 2002 08:02:42 -0800 (PST)
Received: from office.tor.velocet.net (trooper.velocet.net [216.138.242.2])
	by spitfire.velocet.net (Postfix) with ESMTP
	id C550EFB468D; Fri,  8 Feb 2002 11:02:41 -0500 (EST)
Received: (from dgilbert@localhost)
	by office.tor.velocet.net (8.11.6/8.9.3) id g18G2f583812;
	Fri, 8 Feb 2002 11:02:41 -0500 (EST)
	(envelope-from dgilbert)
From: David Gilbert <dgilbert@velocet.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15459.63137.108296.892211@trooper.velocet.net>
Date: Fri, 8 Feb 2002 11:02:41 -0500
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: "James F. Hranicky" <jfh@cise.ufl.edu>, security@FreeBSD.ORG
Subject: [security] Questions (Rants?) About IPSEC
In-Reply-To: <200202072142.g17LgDL69359@khavrinen.lcs.mit.edu>
References: <20020207163347.51C606B29@mail.cise.ufl.edu>
	<200202072142.g17LgDL69359@khavrinen.lcs.mit.edu>
X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>>>>> "Garrett" == Garrett Wollman <wollman@khavrinen.lcs.mit.edu> writes:

Garrett> <<On Thu, 07 Feb 2002 11:33:47 -0500, "James F. Hranicky"
Garrett> <jfh@cise.ufl.edu> said:
>> After reading up on IPSEC, I have one major question: Is it really
>> a good protocol?

Garrett> No, but it's the best one we've got.

I've been keen on IPSec for some time ... I've even had it running
between selections of hosts, but I havn't been able to set up two
scenarios that would make it actually useful to me:

1) Wireless DHCP laptop <-- tunnel mode --> gatewaybox

2) Home box on Cable Modem (DHCP) <-- tunnel mode --> office

The basic blocking point is that none of the HOWTO's written on the
subject say anything about dynamic clients.  I would really like to
see a HOWTO (from someone working on this stuff) that assumes the
client is roaming.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message