On Sun, May 20, 2001 at 04:35:23PM +0300, Miki Shapiro wrote:
> I seemed to have an idea (or possibly a misconception) that IPSec talked
> about generic enctyption on the IP layer
I thought so too, when I first heard about the term, but now I'm not
too sure. Guys, correct me if I'm wrong.
> more than enough at the moment - Cisco's Gre-over-IP, MS-VPN, Checkpoint's
> VPN, The linux kernel IP Tunnel (some of these are probbably the same, I'm
> not intimately acquainted with them all...) and other FW vendors probbably
> have another proprietary protocol or two up their sleeves.
Actually, the nice thing about those VPNs and FreeS/WAN is that they all
use the IPSec protocol and thus can interopperate (so you can tunnel
from Linux to Win2K, VPN-1 or a Cisco).
> Moreover, you can't have two clients on host A and two servers on host B
> where one pair would be talking encrypted and the other not?
It's not a feature of the socket (e.g. setting an ENCRYPTED flag) which
the application can control, but simply a route for the packet, just
like ppp0 or eth0.
--
Best regards,
Ilya Konstantinov
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
