From owner-freebsd-security Fri Nov 24 18:42:19 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id SAA16169 for security-outgoing; Fri, 24 Nov 1995 18:42:19 -0800
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id SAA16160 for ; Fri, 24 Nov 1995 18:42:15 -0800
Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id CAA02783; Sat, 25 Nov 1995 02:41:08 GMT
From: Michael Smith
Message-Id: <199511250241.CAA02783@genesis.atrad.adelaide.edu.au>
Subject: Re: I wonder how much trouble something like this would be to do? :)
To: stesin@elvisti.kiev.ua (Andrew V. Stesin)
Date: Sat, 25 Nov 1995 02:41:08 +0000 ()
Cc: jkh@time.cdrom.com, security@freebsd.org
In-Reply-To: <199511241604.SAA13149@office.elvisti.kiev.ua> from "Andrew V. Stesin" at Nov 24, 95 06:04:55 pm
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1325
Sender: owner-security@freebsd.org
Precedence: bulk

Andrew V. Stesin stands accused of saying:
> So, we have two firewalled networks; each has
> a "tunneling proxy", which accepts connections from
> inside, and another -- from the outside (or may this be
> a single proxy program?) and -- voila, we're Ok, we have
> a secure channel over an insecure network?

As I've mentioned a number of times in various FreeBSD groups, a local provider has already implemented the base of this using FreeBSD. The code for either end (symmetrical, no encryption) runs to about 50 lines, including comments 8) It uses the tun device, and raw IP sockets for its transport. (What's the point of wrapping IP in TCP? IP is unreliable anyway 8)) They use it mostly for providing "exclusive routes", rather than security.

So if any of our security gurus want to "get dirty" with a straightforward end-to-end encryption setup, FreeBSD has all of the hooks ready for this 8) (at a lot less than $3600 a pop 8)

--
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 041-122-496        [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] "Who does BSD?" "We do Chucky, we do."                               [[
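
Added example, not part of the message above and not the provider's code: a C sketch of the packet framing such an unencrypted IP-over-IP tunnel needs, wrapping a packet read from tun in an outer IPv4 header and validating that header again on receipt. It assumes wire-format bytes and protocol number 4 (IP-in-IP), neither of which the post specifies, and it leaves out the tun and raw-socket I/O.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OUTER_HDR_LEN 20
#define TUNNEL_PROTO  4  /* assumption: IP-in-IP; the post names no protocol */

/* RFC 1071 Internet checksum; returns 0 when run over a valid header. */
static uint16_t ip_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Wrap one inner packet (as read from tun) in an outer IPv4 header between
 * the two tunnel endpoints. Returns the total length, or 0 if it cannot fit. */
size_t tunnel_encap(const uint8_t *inner, size_t inner_len,
                    const uint8_t src[4], const uint8_t dst[4],
                    uint8_t *out, size_t out_cap) {
    size_t total = OUTER_HDR_LEN + inner_len;
    if (inner_len == 0 || total > 0xffff || total > out_cap) return 0;
    memset(out, 0, OUTER_HDR_LEN);
    out[0] = 0x45;                       /* version 4, header length 5 words */
    out[2] = (uint8_t)(total >> 8); out[3] = (uint8_t)total;
    out[8] = 64;                         /* TTL */
    out[9] = TUNNEL_PROTO;
    memcpy(out + 12, src, 4);
    memcpy(out + 16, dst, 4);
    uint16_t ck = ip_checksum(out, OUTER_HDR_LEN);
    out[10] = (uint8_t)(ck >> 8); out[11] = (uint8_t)ck;
    memcpy(out + OUTER_HDR_LEN, inner, inner_len);
    return total;
}

/* Check the outer header of a received packet and point *inner at the payload.
 * Rejects short or inconsistent lengths, other protocols, other senders and
 * bad header checksums. Returns the inner length, or 0 on reject. */
size_t tunnel_decap(const uint8_t *pkt, size_t len, const uint8_t peer[4],
                    const uint8_t **inner) {
    if (len < OUTER_HDR_LEN || (pkt[0] >> 4) != 4) return 0;
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = (size_t)pkt[2] << 8 | pkt[3];
    if (hl < OUTER_HDR_LEN || total > len || total <= hl) return 0;
    if (pkt[9] != TUNNEL_PROTO || memcmp(pkt + 12, peer, 4) != 0) return 0;
    if (ip_checksum(pkt, hl) != 0) return 0;
    *inner = pkt + hl;
    return total - hl;
}
```

The peer-address comparison is only a filter: with no encryption or authentication, as in the setup the message describes, the inner packet travels in the clear and the outer source address is not proof of origin.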