Unix Technical Forum

ipsec suggestions?

02-20-2008, 11:43 AM
Keith Keller

Hi all,

I'm looking for suggestions on how to proceed in configuring ipsec in
Slackware. I'm not necessarily looking for documentation (I've found it
in droves), but for ideas on how long each general route to ipsec might
take, and how difficult one path might be relative to the others. There
are certainly many options:

--Patch the 2.4 kernel, patch 2.6 with KLIPS, or use 2.6's native ipsec?
--Openswan, FreeS/WAN, ipsec-tools?

Mix-n-match to your delight (some options won't work, but most will),
and I've got quite a few choices. Right now I'm leaning towards native
2.6 ipsec with Openswan, but I don't have a lot of experience with 2.6.
OTOH, my last go with ipsec a few years back was with 2.4, and it didn't
go so well, so I'm wary there, too.

If it makes any difference, one end of the ipsec tunnel will (likely) be
an OS X Tiger box. I've seen less documentation on OS X <-> linux
ipsec, but enough that my options should not be too limited.

--keith


--
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

02-20-2008, 11:43 AM
Daniel de Kok

Hi Keith,

On Mon, 24 Oct 2005 23:04:05 -0700, Keith Keller wrote:
> --Patch the 2.4 kernel, patch 2.6 with KLIPS, or use 2.6's native ipsec?


I would go for the native 2.6 kernel IPsec implementation with the ported
KAME IPsec tools. The 2.6 implementation is similar to that in *BSD, and
the tools are equal (although OpenBSD does not use racoon). This
implementation is tried & tested, and is the standard IPsec implementation
of the future.

> If it makes any difference, one end of the ipsec tunnel will (likely) be
> an OS X Tiger box. I've seen less documentation on OS X <-> linux
> ipsec, but enough that my options should not be too limited.


IIRC Mac OS X has the KAME IPsec implementation, with the normal KAME
tools. If you use the native 2.6 stack and KAME ipsec tools, configuration
on Mac OS X and Linux will virtually be the same (setting up security
policies with setkey, and making security associations with the racoon IKE
daemon).

-- Daniel
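
The reply above splits the work between setkey (security policies) and racoon (IKE, which negotiates the security associations). As an added example, not code from either poster, this script writes both files for one end of a host-to-host ESP transport-mode link; the documentation addresses, file paths, pre-shared-key authentication and algorithm choices are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Generates setkey and racoon config for
# ONE end of a host-to-host link. Run it again with the two addresses swapped
# to get the other end's files. Paths and algorithms are assumptions.

gen_ipsec_conf() {
    local_ip=$1; peer_ip=$2; outdir=$3
    mkdir -p "$outdir" || return 1

    # Security policy database, loaded with: setkey -f setkey.conf
    # "require" drops matching traffic unless an ESP SA exists, so a failed
    # negotiation cannot silently fall back to cleartext.
    cat > "$outdir/setkey.conf" <<EOF
flush;
spdflush;
spdadd $local_ip $peer_ip any -P out ipsec esp/transport//require;
spdadd $peer_ip $local_ip any -P in  ipsec esp/transport//require;
EOF

    # racoon negotiates the SAs that satisfy the policies above.
    # sha256 / modp2048 assume both peers' racoon builds offer them.
    cat > "$outdir/racoon.conf" <<EOF
path pre_shared_key "/etc/racoon/psk.txt";

remote $peer_ip {
    exchange_mode main;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method pre_shared_key;
        dh_group modp2048;
    }
}

sainfo anonymous {
    pfs_group modp2048;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
EOF

    # Placeholder secret: replace before use, keep the file owner-only.
    echo "$peer_ip REPLACE_WITH_SHARED_SECRET" > "$outdir/psk.txt"
    chmod 600 "$outdir/psk.txt"
}
# Usage: gen_ipsec_conf 192.0.2.10 192.0.2.20 ./linux-end
```

The "out" policy on one host must match the "in" policy on the other exactly (same source, destination and mode), which is why generating both ends from one template avoids the most common mismatch.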
All times are GMT.