Re: linux-ipsec: Some FreeS/WAN docu

-----BEGIN PGP SIGNED MESSAGE-----
> Hello,
>
> I've updated and extended my online docu now to match the new KLIPS
> code. I have reorganized the pages a bit so it might become a REAL

This stuff looks pretty good!

> Tunnel Mode, encapsulating all traffic from A-net to E-net:

These numbers sound impressive but I have no credible reference since my hosts are 386's, one gw is a 486 and all my ethernet is 10Mbps...

> Two questions to the developers according to Transport Mode:

It is possible to do a gateway to gateway tunnel as opposed to a host to host or subnet to subnet tunnel, but the gw parameter in the routing is kludged to get around linux routing limitations in the 2.0.x kernels. I don't recommend this since it is more of a black art than a science at the moment. This all applies of course only to two gateways that aren't one hop away or don't have arp entries for each other. They will work when they can see each other directly from the attached physical interface. All this isn't really worth going into unless someone can help us elucidate a solution. The 2.1.x series kernel work should solve this limitation.

There is a tcpdump which will show the contents of an AH, but by nature the ESP one would be impossible unless you ran tcpdump on one of the gateways which had the keys, which I avoid, because it doesn't seem to be completely objective of the packets it sees and sometimes reports three sightings of the same packet.

> Hope this helps a bit for a "wide deployment of IPSec with Linux",

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

It provides a different viewpoint, example which helps, yes.

> Kai

        Slainte Mhath, rgb
- --

Richard Guy Briggs -- PGP key available                       Auto-Free Ottawa!
rgb at conscoop dot ottawa dot on dot ca              
http://www.flora.org/afo/http://www.achilles.net/~rgb/                   Ottawa-Rideau Bioregion, Canada

"We left our footprints in the Earth
And punched a hole right through the sky" -- S.Hogarth/J.Helmer(Marillion)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNWCQMN+sBuIhFagtAQG9IAP+MEn/dmVOYPy/swaekVhHuOfF9xaQIEgx P6mlvwAQOyqLmwnTsu8QkrmNFjLM50T8J+dHFmDg1xTpMmTo2L6A2l2FbUj4Uf03 yvuSfb6If+BGollucyUdsflomiBeVFY0HfzlrmUEPCvamNbKlIHDHXjYj1Vw2YEI qXf4CTwP464=
=FvER
-----END PGP SIGNATURE----- Received on Mon May 18 17:54:26 1998