Date: Sat, 09 Jan 1999 23:16:17 +0900 From: Jun-ichiro itojun Hagino <itojun@kame.net> To: Danny Dulai <nirva@ishiboo.com> Cc: freebsd-current <freebsd-current@FreeBSD.ORG> Subject: Re: VPN Message-ID: <12069.915891377@coconut.itojun.org> In-Reply-To: nirva's message of Sat, 09 Jan 1999 08:28:47 EST. <19990109082847.15715@bleep.ishiboo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> Does anyone know how to setup VPN or PPTP on freebsd? >I have a setup working with ppp over ssh. Scripts, netmap and ipfw info >are available at http://www.ishiboo.com/~nirva/vpn/. >I had most of an OpenBSD<-->FreeBSD w/ OpenBSD IPSec patches VPN working, >but the port of the patches seems to have broken something, and i can't >get it all working.. KAME didnt support tunneling last I looked, maybe >it does now... http://www.kame.net. We have two variants of KAME patch kit ready for you for doing VPN, one is ongoing: for FreeBSD 2.2.8-RELEASE, IPsec and/or IPv6 (you can disable IPv6 if you want to) for FreeBSD 3.0-RELEASE, IPsec only for FreeBSD 3.0-RELEASE, IPsec and/or IPv6 (ongoing, soon be released) Take a look at ftp.kame.net and www.kame.net for details. We are able to do, of course, IPsec tunnels over IPv4. IPsec tunnels over IPv6 will be finalized after we are sure that our design for IPv4 case works right for every situations possible. (tunnels are ugly thing...) itojun, KAME project --- algorithms we support 4.3 Conformance to RFCs and IDs The IPsec code in the kernel conforms (or, tries to conform) to the following standards: "old IPsec" specification documented in rfc182[5-9].txt "new IPsec" specification documented in rfc240[1-6].txt, rfc241[01].txt, rfc2451.txt and draft-mcdonald-simple-ipsec-api-01.txt. (NOTE: IKE specifications, rfc241[7-9].txt are implemented in userland, as "racoon" IKE daemon) Currently supported algorithms are: old IPsec AH null crypto checksum (no document, just for debugging) keyed MD5 with 128bit crypto checksum (rfc1828.txt) keyed SHA1 with 128bit crypto checksum (no document) HMAC MD5 with 128bit crypto checksum (rfc2085.txt) HMAC SHA1 with 128bit crypto checksum (no document) old IPsec ESP null encryption (no document, similar to rfc2410.txt) DES-CBC mode (rfc1829.txt) new IPsec AH null crypto checksum (no document, just for debugging) keyed MD5 with 96bit crypto checksum (no document) keyed SHA1 with 96bit crypto checksum (no document) HMAC MD5 with 96bit crypto checksum (rfc2403.txt HMAC SHA1 with 96bit crypto checksum (rfc2404.txt) new IPsec ESP null encryption (rfc2410.txt) DES-CBC with derived IV (draft-ietf-ipsec-ciph-des-derived-01.txt, draft expired) DES-CBC with explicit IV (rfc2405.txt) 3DES-CBC with explicit IV (rfc2451.txt) BLOWFISH CBC (rfc2451.txt) CAST128 CBC (rfc2451.txt) RC5 CBC (rfc2451.txt) each of the above can be combined with: ESP authentication with HMAC-MD5(96bit) ESP authentication with HMAC-SHA1(96bit) The following algorithms are NOT supported: old IPsec AH HMAC MD5 with 128bit crypto checksum + 64bit replay prevention (rfc2085.txt) keyed SHA1 with 160bit crypto checksum + 32bit padding (rfc1852.txt) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12069.915891377>