I also recommend reading the FAQs of NetBSD and FreeBSD:
http://www.netbsd.org/Documentation/network/ipsec/
http://www.r4k.net/ipsec/
They are good FAQs that I recommend reading. I hope this will give you
the answer.
At 17:33 20/05/01 +0300, you wrote:
>Are we *absolutely sure* we're not confusing
>(1) IP-layer encryption (that may.. I hope still.. exist in upcoming OS
>implementations)
>with
>(2) tunneling software (or a tunneling kernel driver) that implements a
>simple "tunnel-over-network-interface" to abide with existing
>interface/routing mechanisms in linux and that just UTILIZES IPSec (albeit
>not to its full extent) as an encryption mechanism?
>
>Is anyone familiar with other OS implementations of IPSec or IETF's draft
>of what facilities a full implementation should provide? (I think I'm off
>to do some RFC reading... :-))
>
>
>---= Miki Shapiro =------------------
>  ---= Cell: (+972)-56-322433 =--------
>   ---= ICQ: 3EE853 =-------------------
>    ---= Windows Programmer in Rehab =---
>     -------------------------------------
>
>"If at first you don't succeed...
>.. Skydiving is probably not for you."
>
>On Sun, 20 May 2001, Ilya Konstantinov wrote:
>
> > On Sun, May 20, 2001 at 04:35:23PM +0300, Miki Shapiro wrote:
> > > I seemed to have an idea (or possibly a misconception) that IPSec talked
> > > about generic encryption on the IP layer
> >
> > I thought so too, when I first heard about the term, but now I'm not
> > too sure. Guys, correct me if I'm wrong.
> >
> > > more than enough at the moment - Cisco's Gre-over-IP, MS-VPN, Checkpoint's
> > > VPN, The linux kernel IP Tunnel (some of these are probably the same, I'm
> > > not intimately acquainted with them all...) and other FW vendors probably
> > > have another proprietary protocol or two up their sleeves.
> >
> > Actually, the nice thing about those VPNs and FreeS/WAN is that they all
> > use the IPSec protocol and thus can interoperate (so you can tunnel
> > from Linux to Win2K, VPN-1 or a Cisco).
> >
> > > Moreover, you can't have two clients on host A and two servers on host B
> > > where one pair would be talking encrypted and the other not?
> >
> > It's not a feature of the socket (e.g. setting an ENCRYPTED flag) which
> > the application can control, but simply a route for the packet, just
> > like ppp0 or eth0.
> >
> > --
> > Best regards,
> > Ilya Konstantinov
> >
>
>
>=================================================================
>To unsubscribe, send mail to [EMAIL PROTECTED] with
>the word "unsubscribe" in the message body, e.g., run the command
>echo unsubscribe | mail [EMAIL PROTECTED]


----
Regards,
Eran Levy.
E-mail: [EMAIL PROTECTED]
WebSite: http://come.to/liloboot

