hunting for secure fileserver-connection!

Chuck Swiger cswiger at
Sun Apr 2 20:58:05 UTC 2006

No at wrote:
> the scenario:
> - freebsd-fileserver with encrypted HDD's (GELI) (1.5TB)
> - windows (sorry for that, it's a requirement) as client
> the quest:
> - securely mount shared filesystems from the server from
>   the windows client w/o being open to sniffers/network
>   hacks (non-weak encryption required)
> - files should be accessible like with windows-fileserver
>   shares through UNC and/or drive-name(s)
> - server and clients should share the same network. (no
>   tunnelling etc...)
> - authentication should be done against local defined users
> what we don't want:
> - VPN/IPSEC/... between the hosts
> - webdav
> we've been looking on solutions like secure nfs over tcp,
> samba, etc... but except making it slower, there have been
> no real good solutions until yet.
> anybody out there, who has a good advice on that?

If you don't trust CIFS/Samba enough to be secure against local sniffers, and
you won't run IPsec, you're left with odd things like Sun's SecureNFS software,
only I doubt that's available for a FreeBSD fileserver.

If you've got 1.5TB of storage, perhaps you should talk to Auspex or NetApp and
see what the NAS folk have to offer...


More information about the freebsd-questions mailing list