IPSEC documentation

Eric Masson e-masson at kisoft-services.com
Thu Dec 29 02:51:01 PST 2005


Brian Candler <B.Candler at pobox.com> writes:

Hi,

> security/vpnc works fine for me as a client for talking to a Cisco VPN
> concentrator. I think that's IPSEC tunnel mode + PSK + XAUTH (which can also
> assign an IP address and insert routes into your forwarding table)

OK, you just need a vpn3000 or other equipment that can act like a vpn3000
as the remote side.

Emmanuel Dreyfus wrote a nice paper about building a VPN concentrator
that can act as a server for the Cisco VPN client:
http://www.netbsd.org/Documentation/network/ipsec/rasvpn.html

IIRC, the same could be done on FreeBSD once NAT-T support is merged into
the main tree.

> There's net/pipsecd in ports. Its version is 19991014. I have no idea if it
> still works.

Interesting. It seems to be a userland implementation of IPsec tunnel
mode; development has stalled, and dynamic keying is not supported.

> I know of non-IPSEC solutions using tun (OpenVPN, TINC).

Don't forget SSLTunnel from HSC's Alain Thivillon (PPP over SSL), quite
easy to set up (net/ssltunnel-*) and useful when HTTP/HTTPS is the only
way to reach the outside.

> All a bit of a nightmare really. Documentation would be good :-)

Yes, sure. Every setup you talked about is documented somewhere on the
Internet, but a synthesis in the Handbook would be really useful.

The "VPN over IPsec" section could be extended to present the IPsec-based
solutions you talked about in this thread.

I'd then see two more sections covering SSL VPNs and host-to-host IPsec
transport mode (not necessarily in this order).

Regards

Éric

-- 
 holding an Ethernet cable at arm's length across a restaurant dining room
 so it doesn't fall into the tiramisu, while others are talking over
 infrared: that's real life, isn't it?
 -+- DA in Guide du Macounet Pervers : http://www.le-visconti.net/ -+-