Date: Thu, 6 May 1999 00:37:41 +0200
From: Pierre Beyssac
To: Phillip Ryker , freebsd-net@FreeBSD.ORG
Subject: Re: IPsec...

On Mon, May 03, 1999 at 08:01:13PM +0100, Phillip Ryker wrote:
> does FreeBSD have IPsec built into the kernel code?? If not, are there
> any plans to implement this??

If that's not a rhetorical question (i.e., if you want IPSEC now) and
you only need tunnel-mode IPSEC (for a VPN for example), you might be
interested in the following (attached), which I posted a few days ago
to freebsd-security.
-- 
Pierre Beyssac pb@fasterix.frmug.org pb@fasterix.freenix.org
{Free,Net,Open}BSD, Linux: there are worse options, but they cost more
Free domains: http://www.eu.org/ or mail dns-manager@EU.org

[Attachment: vpn]

Date: Fri, 30 Apr 1999 23:30:59 +0200
From: Pierre Beyssac
To: freebsd-security@FreeBSD.ORG
Subject: Re: VPN

On Fri, Apr 30, 1999 at 08:36:59AM -0700, Jonathan M. Bresler wrote:
> > Don't use Microsoft PPTP, see http://www.counterpane.com/.
> the problem is not with PPTP itself, but rather Microsoft's
> inimitable style of implementing protocols.

BTW, as there seems to be a lot of interest in VPNs currently, and I
had a need for something that could run between my FreeBSD box and a
Linux box, I've written a small usermode IPSEC-compliant tunnel when I
became tired of the impressive number of non-compatible hacks based on
PPP, ssh, TCP, PPTP, you name it, while IPSEC clearly will sweep all of
this.

It's more of a proof-of-concept code for the moment (only fixed keys:
it lacks key negotiation stuff), and it can't beat a kernel
implementation for performance, but it's easier to install, easier to
port to other systems (you only need some kind of a "tun" device),
easier to debug, easier to add weird crypto algorithms, easier to
export (the crypto is from the OpenSSL library), and last but not least
easier to distribute as a package external to the core OS.

I'm happily running it between several FreeBSD and Linux boxes to set
up tunnels to friends through my cable modem.

If anyone is interested, it can be found here. WARNING: it's really
experimental and the documentation is lacking, don't even bother if you
don't know how to set up a point-to-point link or how to add the tun
device to your kernel.

http://www.enst.fr/~beyssac/tunip.tar.gz
-- 
Pierre Beyssac pb@fasterix.frmug.org pb@fasterix.freenix.org
{Free,Net,Open}BSD, Linux: there are worse options, but they cost more
Free domains: http://www.eu.org/ or mail dns-manager@EU.org