Well, not a perfect solution, but definitely one that should work - with
ipsec performing as Tzafrir described, and using the the mangling table as
Alex has Looks like I'm gonna kill my uptime to try and do this. Wish
me luck :-)
---= Miki Shapiro =--
---= Cell: (+972)-56-32
Hi, Ilya!
On Sun, May 20, 2001 at 02:15:07PM +0300, you wrote the following:
> As far as I see, there's no way to change the destination route based
> on the port (that is, according to man netfilter, there's no such
> option).
Actually it's quite easy to do if you combine netfilter and the pol
Cool :-) Thx!
---= Miki Shapiro =--
---= Cell: (+972)-56-322433 =
---= ICQ: 3EE853 =---
---= Windows Programmer in Rehab =---
-
"If at first you don't succeed...
.. Skydiving is probbably not for you."
On Sun,
I also recommend read the FAQs of NetBSD and FreeBSD:
http://www.netbsd.org/Documentation/network/ipsec/
http://www.r4k.net/ipsec/
They are a good FAQs that I recommend to read. I hope this will give you
the answer.
At 17:33 20/05/01 +0300, you wrote:
>Are we *absolutely sure* we're not confusin
Hi,
I recommend you read the IETF's comprehensive list of papers in:
http://www.ietf.org/ids.by.wg/ipsec.html maybe you will find there your
answer and read the RFCs and surely you will find the answer.
At 17:33 20/05/01 +0300, you wrote:
>Are we *absolutely sure* we're not confusing
>(1) IP-lay
Are we *absolutely sure* we're not confusing
(1) IP-layer encryption (that may.. I hope still.. exist in upcoming OS
implementations)
with
(2) tunneling software (or a tunneling kernel driver) that implements a
simple "tunnel-over-network-interface" to abide with existing
interface/routing mecha
On Sun, May 20, 2001 at 04:35:23PM +0300, Miki Shapiro wrote:
> I seemed to have an idea (or possibly a misconception) that IPSec talked
> about generic enctyption on the IP layer
I thought so too, when I first heard about the term, but now I'm not
too sure. Guys, correct me if I'm wrong.
> more
On Sun, 20 May 2001, Ilya Konstantinov wrote:
> Yet again, I'm not sure it's possible to establish IPSec connections to
> any accepting host around the world without preconfiguring it.
I seemed to have an idea (or possibly a misconception) that IPSec talked
about generic enctyption on the IP lay
On Sun, May 20, 2001 at 02:52:50PM +0300, Miki Shapiro wrote:
> Can I ask my linux box (with this kernel patch) to only use IPSec for
> communication on pre-designated TCP ports? (and have other services such
> as DNS and SMTP go on working without using IPSec?)
As far as I see, there's no way to
On Sun, 20 May 2001, Ilya Konstantinov wrote:
> AFAIK, there isn't such thing as "suggesting".
Win2K allows you, if you're the client, to "ask" the server to use IPSec,
yet fall back to not using it if it refuses. Alternatively, if you're a
paranoid sysadmin with suicidal tendencies and a polic
On Sun, May 20, 2001 at 12:59:43PM +0300, Miki Shapiro wrote:
> Another Q:
>
> I want my box to suggest (yet not require) IPSec over my IPv4 connection,
> especially for incoming sessions.
AFAIK, there isn't such thing as "suggesting". Using IPSec is basically
establishing a VPN tunnel with you
Following some reading-up on www.kerneli.org - anyone know when 2.4.x will
see crypto-inside in its out-of-the-box sources?
thx.
---= Miki Shapiro =--
---= Cell: (+972)-56-322433 =
---= ICQ: 3EE853 =---
---= Windows Programmer in Rehab =---
--
Another Q:
I want my box to suggest (yet not require) IPSec over my IPv4 connection,
especially for incoming sessions.
I have a custom-tailored 2.4.2 as it is, and I didn't find IPSec support
in the config menu. I either missed something or...
Can anyone point it out to me?
(I also really hope
13 matches
Mail list logo