Cool :-) Thx!
---= Miki Shapiro =------------------
---= Cell: (+972)-56-322433 =--------
---= ICQ: 3EE853 =-------------------
---= Windows Programmer in Rehab =---
-------------------------------------
"If at first you don't succeed...
.. Skydiving is probbably not for you."
On Sun, 20 May 2001, Eran Levy wrote:
> I also recommend read the FAQs of NetBSD and FreeBSD:
> http://www.netbsd.org/Documentation/network/ipsec/
> http://www.r4k.net/ipsec/
> They are a good FAQs that I recommend to read. I hope this will give you
> the answer.
> At 17:33 20/05/01 +0300, you wrote:
> >Are we *absolutely sure* we're not confusing
> >(1) IP-layer encryption (that may.. I hope still.. exist in upcoming OS
> >implementations)
> >with
> >(2) tunneling software (or a tunneling kernel driver) that implements a
> >simple "tunnel-over-network-interface" to abide with existing
> >interface/routing mechanisms in linux and that just UTILIZES IPSec (albeit
> >not to its full extent) as an encryption mechanism?
> >
> >Is anone familiar with other OS implementations of IPSec or IETF's draft
> >of what facilities a full implementation should provide? (I think I'm off
> >to do some RFC reading... :-))
> >
> >
> >---= Miki Shapiro =------------------
> > ---= Cell: (+972)-56-322433 =--------
> > ---= ICQ: 3EE853 =-------------------
> > ---= Windows Programmer in Rehab =---
> > -------------------------------------
> >
> >"If at first you don't succeed...
> >.. Skydiving is probbably not for you."
> >
> >On Sun, 20 May 2001, Ilya Konstantinov wrote:
> >
> > > On Sun, May 20, 2001 at 04:35:23PM +0300, Miki Shapiro wrote:
> > > > I seemed to have an idea (or possibly a misconception) that IPSec talked
> > > > about generic enctyption on the IP layer
> > >
> > > I thought so too, when I first heard about the term, but now I'm not
> > > too sure. Guys, correct me if I'm wrong.
> > >
> > > > more than enough at the moment - Cisco's Gre-over-IP, MS-VPN,
> > Checkpoint's
> > > > VPN, The linux kernel IP Tunnel (some of these are probbably the
> > same, I'm
> > > > not intimately acquainted with them all...) and other FW vendors
> > probbably
> > > > have another proprietary protocol or two up their sleeves.
> > >
> > > Actually, the nice thing about those VPNs and FreeS/WAN is that they all
> > > use the IPSec protocol and thus can interopperate (so you can tunnel
> > > from Linux to Win2K, VPN-1 or a Cisco).
> > >
> > > > Moreover, you can't have two clients on host A and two servers on host B
> > > > where one pair would be talking encrypted and the other not?
> > >
> > > It's not a feature of the socket (e.g. setting an ENCRYPTED flag) which
> > > the application can control, but simply a route for the packet, just
> > > like ppp0 or eth0.
> > >
> > > --
> > > Best regards,
> > > Ilya Konstantinov
> > >
> >
> >
> >=================================================================
> >To unsubscribe, send mail to [EMAIL PROTECTED] with
> >the word "unsubscribe" in the message body, e.g., run the command
> >echo unsubscribe | mail [EMAIL PROTECTED]
>
>
> ----
> Regards,
> Eran Levy.
> E-mail: [EMAIL PROTECTED]
> WebSite: http://come.to/liloboot
>
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
