Message-Id: <4.3.2.7.2.20001008220611.085d2f00@mail.atomz.com>
Date: Sun, 08 Oct 2000 22:56:48 -0700
To: freebsd-security@freebsd.org
From: Mike Thompson
Subject: Encrypted IP tunneling solution

I've created a fairly simple little application called stun that essentially combines the functionality of nos-tun with SSH. Stun does for IP tunneling what sftp does for FTP -- it makes it trivial to set up the highly secure tunneling of raw IP packets between any two FreeBSD systems that have SSH and tunneling devices (/dev/tunXX) enabled.

Although similar functionality can be had with binding a PPP socket to SSH or setting up IPSEC, I found that neither of these solutions was very easy to implement correctly. I wanted something that would be a bit simpler for someone with limited Unix admin skills to get working in a reliable manner.

My purpose behind this email is to gauge the interest in this little application. I currently have it implemented at the experimental stage right now where it seems to work well, but it has not been extensively tested.
Unfortunately my time is very limited to work on this, but if there is sufficient interest I would be glad to help someone else evolve it to the point where it is proven to work well and can be contributed to the FreeBSD ports collection.

If you are interested, let me know. I'm more than happy to share it, but I guess I'll have to slap a BSD style copyright on the source code first :-). Also, if you know of a similar application already in existence, please let me know so I don't waste my time.

BTW, my ultimate goal behind this little application is to get it working with Windows clients running SSH protocols where it can serve as a very simple, but secure VPN solution. As one might expect, it has proven to be much easier to write the FreeBSD/Unix side of things than the Windows side where a virtual NDIS VxD driver or some similar beast will have to be implemented.

Mike Thompson
mike@atomz.com
CTO/Co-Founder
Atomz.com