From owner-freebsd-security Thu Sep 2 4:45:18 1999
Delivered-To: freebsd-security@freebsd.org
Received: from netserv1.chg.ru (netserv1.chg.ru [193.233.46.3])
    by hub.freebsd.org (Postfix) with ESMTP id 4D86514F02;
    Thu, 2 Sep 1999 04:45:02 -0700 (PDT) (envelope-from ks@chg.ru)
Received: from speecart.chg.ru (speecart.chg.ru [193.233.46.2])
    by netserv1.chg.ru (8.9.3/8.9.1) with ESMTP id PAA20293;
    Thu, 2 Sep 1999 15:44:51 +0400 (MSD)
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Thu, 02 Sep 1999 15:42:44 +0400 (MSD)
Organization: Landau Institute for Theoretical Physics
From: "Sergey S. Kosyakov"
To: freebsd-net@freebsd.org, freebsd-security@freebsd.org, freebsd-users@freebsd.org
Subject: New tool for IP secure tunnels
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

1.0 version of TUND was released.
ftp://ftp.chg.ru/pub/networking/freebsd/README.

TUND allows for the creation of IP over IP (current version) tunnels, which can help to organize private networks, secure channels, non-trivial network topologies, etc. TUND can work upon the tun(4) interface or divert(4) sockets. With a single running process of TUND up to 65534 tunnels can be created.

If a tunnel is configured to work with the tun(4) pseudo-device, it can be fed with standard IP routing (route add ...). In the case of ipfw(8), when a tunnel is configured to work with a divert(4) socket, it can be fed in many ways - by source or destination, by protocol, by ports, etc.

TUND supports compression with ZLIB. The compression level can be configured in tund.conf.

Data in tunnels can be encrypted with BlowFish, IDEA or RC5 ciphers from OpenSSL. Symmetric keys for ciphers are passed with RSA identification and encryption. Each host running TUND has its own RSA private key. The public version of this key should be transferred to the other end of the tunnel. A random number is mixed with data before encryption for preventing "dictionary" attack.

---
----------------------------------
Sergey Kosyakov
Laboratory of Distributed Computing
Department of High-Performance Computing and Applied Network Research
Landau Institute for Theoretical Physics
E-Mail: ks@chg.ru
Date: 02-Sep-99
Time: 15:38:56
----------------------------------
---