IPSEC + Via Padlock + racoon + Windows
Michael Proto
mike at jellydonut.org
Mon Dec 3 13:29:24 PST 2007
Dewayne Geraghty wrote:
> My apologies for the confusion, yes, the C7 only helps with AES.
>
> The configuration detail is: between branch offices I use FreeBSD ipsec
> (AES), and within the branches Windows boxes access the firewall boxes. The
> "firewalls" run samba inside a jail. Due to sensitive information (see your
> local Privacy legislation), we also need to encrypt the information between
> samba jail and the PC-WXP devices. Hence the need to use ipsec-AES on the
> WAN and ipsec-3des on the LAN (as 3des is the best option selectable for
> WXP).
>
> Regards, Dewayne.
>
Just out of curiosity, what happens if you set
net.inet.ipsec.crypto_support = -1 when using 3DES in your testing? Does
the firewall work then?
-Proto
More information about the freebsd-stable
mailing list