Ok you SKIP gurus (And Joe Provino - you Sun product Guru)

I've been trying to get NATD and SKIP to work with NT 4/FreeBSD.

And I've been able to fracture my arm patting myself on the back, that I 
got SKIP working and NAT working. (It was painful....but I thank Joe P and 
esp. Greg for the e-mail of his working config and Archie Cobbs for 
the port work.)

Now getting them to work together for the client demo.... I've run into 
the below:

On Wed, 27 May 1998, Bob Chance wrote:

> It's possible to do SKIP first, but then authentication would fail (since a
> packet would get encrypted and authenticated.  Then the source address
> would change, and the authentication value would be invalid).  If you don't
> use authentication, then SKIP+NAT is easy.  With authentication, you just
> need to do them in the proper order.

And this is the rub.  The eval NT copy I have (heads up here Joe.  There 
does seem to be no expire date on the copy I got.  Make sure your future 
versions expire on these evals!) only encrypts traffic RC2-40/RC4-40 and 
FreeBSD only does DES-CBC/DES-EDE-K3/Safer-128S-CBC/simplecrypt.
FreeBSD will (seem to) allow no traffic encryption/no authent.  NT 
version wants either traffic or authent. (or both).

So here are the question(s)  
Is the new NT version ready?
If we get the $99/129/149(circle one) version for NT, will the traffic 
encrypts match? 
Is there a way to get skip+nat to work with the tools I have?  (FreeBSD 
226-the Archie Cobbs port/early NT4 3.0.0.0) 
Which of the encryptions is going to minimize packet bandwidth?  (CPU 
cycles cheap, bandwidth across network expensive)


All I'm looking to do is to have FreeBSD take incoming SKIP-ified data, 
send the data to IPs behind FreeBSD as normal data, then have the normal 
data going out the FreeBSD to the SKIPified target as SKIP-ified data.  
(Is this too much to ask for :-)
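
The ordering problem from the quoted reply, as an added example that is not part of the original message or of any SKIP implementation. It is a simplified model: HMAC-SHA256 stands in for SKIP's authentication, and the `Packet` type, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-shared-key"  # constructed sample key, stands in for the negotiated key


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    icv: bytes = b""  # integrity check value; empty until the packet is authenticated


def compute_icv(key: bytes, pkt: Packet) -> bytes:
    # The MAC covers both addresses, so any later address rewrite is detected.
    covered = (ipaddress.ip_address(pkt.src).packed
               + ipaddress.ip_address(pkt.dst).packed
               + pkt.payload)
    return hmac.new(key, covered, hashlib.sha256).digest()


def authenticate(key: bytes, pkt: Packet) -> Packet:
    return replace(pkt, icv=compute_icv(key, pkt))


def verify(key: bytes, pkt: Packet) -> bool:
    return hmac.compare_digest(pkt.icv, compute_icv(key, pkt))


def nat_rewrite(pkt: Packet, public_src: str) -> Packet:
    # NAT holds no key: it swaps the source address and leaves the ICV untouched.
    return replace(pkt, src=public_src)


def auth_then_nat(key: bytes = KEY) -> bool:
    pkt = Packet("10.0.0.5", "198.51.100.7", b"demo payload")
    return verify(key, nat_rewrite(authenticate(key, pkt), "192.0.2.1"))


def nat_then_auth(key: bytes = KEY) -> bool:
    pkt = Packet("10.0.0.5", "198.51.100.7", b"demo payload")
    return verify(key, authenticate(key, nat_rewrite(pkt, "192.0.2.1")))


if __name__ == "__main__":
    print("authenticate, then NAT:", auth_then_nat())
    print("NAT, then authenticate:", nat_then_auth())
```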
