Hosting Provided By

Re: linux-ipsec: Another draft effort: vpn mini-howto

From: Hugh Redelmeier <hugh(at)trends.net>
Date: Wed Sep 02 1998 - 19:49:40 EDT

| ... A class C address uses only 8 bits for the

A
| network and 24 for the host, so you get 10.0.0.0/8 to identify a class C

| address in network 10, 172.28.0.0/16 to identify the class B network we are

One thing I'd look for in a howto is some characterization of how effective, convenient, and trustable the system is. This would help people quickly decide if FreeS/WAN is worth looking at, now, or later.

I think Pluto is still fragile in use. For example, it doesn't rekey, and it doesn't recover from a security gateway restart. Perhaps you should warn people not to expect a robust solution (yet).

Another thing that makes me shiver is that Pluto naively believes its peer's claim of representing a subnet (consider the claim 0.0.0.0/0!). This means that the network administrator must trust both security gateways.

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253 Received on Wed Sep 2 19:49:52 1998

This message: [ Message body ]
Next message: Hugh Daniel: "linux-ipsec: ERROR_MESSAGES: spi invalid key message needs to be better."
Previous message: Hugh Daniel: "linux-ipsec: TEST: Our AH(hmac-md5) works with their AH(hmac-md5-96), opps"
In reply to Randy Dees: "linux-ipsec: Another draft effort: vpn mini-howto"
Next in thread: Randy Dees: "Re: linux-ipsec: Another draft effort: vpn mini-howto"
Reply: Randy Dees: "Re: linux-ipsec: Another draft effort: vpn mini-howto"
Reply: John Gilmore: "Re: linux-ipsec: Another draft effort: vpn mini-howto"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT

Do you need help?