Tugger the SLUGger!SLUG Mailing List Archives

RE: [SLUG] IPSEC Server Side Software


FreeS/WAN works great with Windows. Use the X.509 patch and the info here:
http://www.natecarlson.com/linux/ipsec-x509.php

Tim White

-----Original Message-----
From: Nathan Chan [mailto:chan@xxxxxxxxxx]
Sent: Monday, April 07, 2003 11:39 AM
To: Del
Cc: SLUG
Subject: Re: [SLUG] IPSEC Server Side Software


Thanks All.

What i was more wondering was, have people tested this with 
Windoze for one and secondly, how have people found the 
compatability for lower end routers like some of these "DSL 
routers" which have IPSEC built in .... not your major brands like 
Cisco etc.. but more like your netcomm etc..

Nathan

> > Anyone know of some IPSEC Tunnel Server side software which 
> > can be put onto a Linux box, so that a Router / Windoze box could 
> > IPSEC tunnel into ?
> 
> FreeS/WAN, as someone's already commented.
> 
> I'll make some additional points:
> 
> -  There's no such thing as an IPSec "server" or IPSec "client".  They are
>     both just "endpoints".  i.e. each side can be set up to authenticate the
>     other.  Of course some software that's sold as a "client" just has the
>     detection of incoming connection traffic disabled so you can't just
>     initiate an IPSec connection into it, but it's still really just an
>     "endpoint".
> 
> -  I can't recommend IPCop highly enough for IPSec.  Sure it is designed
>     to run as a dedicated firewall appliance and doesn't just sit on your
>     existing Linux machine, but it makes setting up IPSec a thousand times
>     easier.  www.ipcop.org
> 
> -  Router?  Cisco perhaps?  Better go sign up for export approval for a
>     3DES key from Cisco.  Cisco only ship (by default) single DES enabled
>     routers outside of the US, and FreeS/WAN (quite rightly) only supports
>     3DES not single DES.
> 
> -- 
> Del
> 


-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
#####################################################################################
This email has been scanned by MailMarshal, an email content filter.
#####################################################################################