FreeBSD Security Archives: Re: pipsecd example?

Re: pipsecd example?


Philip Hallstrom (philipadhesivemedia.com)
Thu, 14 Oct 1999 12:55:35 -0700 (PDT)


Yahoo!

I got it working. This is really cool. I've got one final question --
how can I verify that it is indeed encrypting the connection? I looked at
tcpdump, but I'm not the best network packet analyzer in the world :)

Thanks for everyone's help! If I get a few moments I'm going to put
together a step by step and post it somewhere for others...

On Wed, 13 Oct 1999, Patrick Bihan-Faou wrote:

> Hi,
>
> > My setup:
> >
> >           [---------]                                    [---------]
> >           [ FreeBSD ]                                    [ FreeBSD ]
> > LAN A   --[    1    ]-- 1.1.1.1 -> INTERNET <- 2.2.2.2 --[    2    ]-- LAN B
> > 10.0.0.x  [   3.2   ]                                    [   3.2   ]   10.2.0.x
> >           [---------]                                    [---------]
> >
> >
> > I've looked through the pipsecd.conf and it baffles me. For example --
> > where do the values for the various keys come from?
>
> Your imagination... As long as one end's remote key(s) is the other end's
> local key(s). There is a mistake in the sample configuration file. I will
> correct it sometime...
>
>
> > Also, a general question. If I'm on client 10.2.0.5 and telnet to
> > 10.0.0.5, will it say that I am from 10.2.0.5 or from 2.2.2.2?
>
> Well it depends... If you are not running nat on the "tunX" interface (which
> should be the standard case), then you will be coming from 10.2.0.5.
>
> The "tunX" interface looks and behaves (almost) exactly as if you had a NIC
> card connected to a network with only 2 hosts (the local one and the remote
> one). The only difference is that instead of having a hardware connection (an
> ethernet wire), it has a software one (pipsecd). BTW, this also means that
> it needs an IP address on the network you chose as the "tunnel" network.
>
> Patrick.
>
>
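
One way to check the question asked at the top of this message from a capture taken on a gateway's external interface, as an added example that is not part of the original thread: classify each packet by its IP header and flag anything that exposes the LAN addresses. It assumes pipsecd carries the tunnel as IPsec ESP (IP protocol 50) or AH (51) between 1.1.1.1 and 2.2.2.2, /24 masks on both LANs, and raw IPv4 packets with the link-layer header already stripped; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# ESP payload is opaque (unless a null cipher is set); AH authenticates but
# leaves the data readable. Keys are IP protocol numbers.
TUNNEL = {50: "esp", 51: "ah-only"}

# Addresses taken from the diagram in the thread.
GATEWAYS = {ipaddress.ip_address("1.1.1.1"), ipaddress.ip_address("2.2.2.2")}
LANS = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("10.2.0.0/24")]


def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet seen on a gateway's external interface."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if any(addr in net for addr in (src, dst) for net in LANS):
        return "leak"  # LAN addresses visible on the wire: traffic bypassed the tunnel
    if src in GATEWAYS and dst in GATEWAYS:
        return TUNNEL.get(proto, "outside-tunnel")  # e.g. plain TCP between gateways
    return "other"


def audit(packets) -> Counter:
    """Count packets per class for a whole capture."""
    return Counter(classify(p) for p in packets)


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the sample below."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload


# Constructed sample capture, not real traffic.
SAMPLE = [
    ipv4("1.1.1.1", "2.2.2.2", 50, bytes.fromhex("000003e800000001") + b"\xaa" * 32),
    ipv4("2.2.2.2", "1.1.1.1", 50, bytes.fromhex("000003e900000001") + b"\xbb" * 32),
    ipv4("10.2.0.5", "10.0.0.5", 6, b"telnet in the clear"),
    ipv4("2.2.2.2", "1.1.1.1", 6, b"not via tunX"),
]

if __name__ == "__main__":
    print(dict(audit(SAMPLE)))
```

A healthy tunnel shows only `esp` between the two gateways for LAN-to-LAN traffic; any `leak` count means packets with 10.x addresses reached the outside wire unencapsulated.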




This archive was generated by hypermail 2.0b3 on Thu Oct 14 1999 - 14:53:44 CDT