Re: Can't set up an IPsec tunnel. - Eric Anderson - org.freebsd.freebsd-security

18 messages in org.freebsd.freebsd-securityRe: Can't set up an IPsec tunnel.

From	Sent On	Attachments
dr3node	Jan 24, 2002 7:47 am
Lawrence Sica	Jan 24, 2002 9:59 am
dr3node	Jan 24, 2002 10:43 am
Eric Anderson	Jan 24, 2002 10:54 am
dr3node	Jan 24, 2002 10:56 am
Eric Anderson	Jan 24, 2002 11:05 am
Lawrence Sica	Jan 24, 2002 11:05 am
Eric Anderson	Jan 24, 2002 11:06 am
Lawrence Sica	Jan 24, 2002 11:22 am
Kerin Millar	Jan 24, 2002 11:26 am
Eric Anderson	Jan 24, 2002 11:29 am
Thomas T. Veldhouse	Jan 24, 2002 11:43 am
Nate Williams	Jan 24, 2002 12:01 pm
Nate Williams	Jan 24, 2002 12:06 pm
Eric Anderson	Jan 24, 2002 12:11 pm
Nate Williams	Jan 24, 2002 12:14 pm
Peter Chiu	Jan 24, 2002 1:26 pm
Vadim E. Martysh	Jan 24, 2002 2:11 pm

Subject:	Re: Can't set up an IPsec tunnel.
From:	Eric Anderson (ande...@centtech.com)
Date:	Jan 24, 2002 11:05:11 am
List:	org.freebsd.freebsd-security

As far as I know, no, because that would be like a "man in the middle" attack (I think). Like this:

A <--- B ---> C

If A is talking to C via IPSEC, A tells C it's IP (the true IP) and C tells A it's IP (its true IP, behind the masquaraded host), but A sees C as B's IP address. How does it know that C knows that B exists? Maybe there is a way to forward or tunnel certain protocols through the Linux box, but this doesn't sound like a good idea to me. You could always use the old crusty SSH tunneling VPN's.. :)

Eric

P.S. - Don't ask how to do it with SSH. It's been too long.

dr3node wrote:

On Thursday 24 January 2002 21:55, you wrote:

IPSEC won't work through masquarading boxes or NAT firewalls.

is there any way way to cheat?

To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets