Date:      Sat, 25 Nov 1995 02:41:08 +0000 ()
From:      Michael Smith <msmith@atrad.adelaide.edu.au>
To:        stesin@elvisti.kiev.ua (Andrew V. Stesin)
Cc:        jkh@time.cdrom.com, security@freebsd.org
Subject:   Re: I wonder how much trouble something like this would be to do? :)
Message-ID:  <199511250241.CAA02783@genesis.atrad.adelaide.edu.au>
In-Reply-To: <199511241604.SAA13149@office.elvisti.kiev.ua> from "Andrew V. Stesin" at Nov 24, 95 06:04:55 pm

Andrew V. Stesin stands accused of saying:
> 	So, we have two firewalled networks; each has
> 	a "tunnelling proxy", which accepts connections from
> 	inside, and another -- from the outside (or may this be
> 	a single proxy program?) and -- voila, we're Ok, we have
> 	a secure channel over an insecure network?

As I've mentioned a number of times in various FreeBSD groups, a local
provider has already implemented the base of this using FreeBSD.

The code for either end (symmetrical, no encryption) runs to about
50 lines, including comments 8)

It uses the tun device, and raw IP sockets for its transport. (What's
the point of wrapping IP in TCP? IP is unreliable anyway 8))

They use it mostly for providing "exclusive routes", rather than security.

So if any of our security gurus want to "get dirty" with a straightforward
end-to-end encryption setup, FreeBSD has all of the hooks ready for this 8)
(at a lot less than $3600 a pop 8)


-- 
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 041-122-496        [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] "Who does BSD?" "We do Chucky, we do."                               [[
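
Added example, not part of the original message and not the provider's code: the receive-side check a tun + raw-IP-socket tunnel like the one described needs before writing a packet to the tun device. It assumes IPv4 and that the raw socket hands over each datagram with its outer IP header; all names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Reasons a received tunnel packet is dropped (names are hypothetical). */
enum { DECAP_OK = 0, DECAP_SHORT = -1, DECAP_BAD_OUTER = -2,
       DECAP_NOT_PEER = -3, DECAP_BAD_INNER = -4 };

/* Read a big-endian 16-bit field without alignment assumptions. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * buf/n: one datagram as read from a raw IPv4 socket, outer header included.
 * peer:  the 4 address bytes of the configured remote tunnel endpoint.
 * On success *inner/*inner_len describe the packet to write to the tun device.
 */
int tunnel_decap(const uint8_t *buf, size_t n, const uint8_t peer[4],
                 const uint8_t **inner, size_t *inner_len)
{
    if (n < 20) return DECAP_SHORT;
    size_t ohl = (size_t)(buf[0] & 0x0f) * 4;      /* outer header length */
    if ((buf[0] >> 4) != 4 || ohl < 20 || ohl > n) return DECAP_BAD_OUTER;
    /* Only the configured peer may inject packets into the inside network. */
    if (memcmp(buf + 12, peer, 4) != 0) return DECAP_NOT_PEER;

    const uint8_t *in = buf + ohl;
    size_t left = n - ohl;
    if (left < 20) return DECAP_BAD_INNER;
    size_t ihl = (size_t)(in[0] & 0x0f) * 4;
    size_t tot = be16(in + 2);                     /* inner total length */
    if ((in[0] >> 4) != 4 || ihl < 20 || tot < ihl || tot > left)
        return DECAP_BAD_INNER;

    *inner = in;
    *inner_len = tot;   /* trailing bytes past the inner length are dropped */
    return DECAP_OK;
}

/* Constructed sample: 20-byte outer header from src wrapping a 28-byte inner packet. */
size_t make_sample(uint8_t out[48], const uint8_t src[4])
{
    memset(out, 0, 48);
    out[0] = 0x45; memcpy(out + 12, src, 4);       /* outer: v4, ihl 5 */
    out[20] = 0x45; out[23] = 28;                  /* inner: v4, ihl 5, len 28 */
    return 48;
}
```

The source-address match is a filter, not authentication: with no encryption or integrity check on the tunnel, the outer source address can be forged.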


