On 2004 11 26 (Friday) 14:14, Vesselin Kolev wrote:
> Doncho N. Gunchev wrote:
>
> > ÐÐÑÐÐÐÐÑÐ,
> > ÐÐÑÐÑÐÑÑÐÐ ÐÐ ÐÐÐ ÐÐ ÐÐÐÐÑÑÐÐÐ ÐÐ ipsec over
> > tcp (ÐÑÐ CISCO)
> >ÐÐ Linux 2.6 Ð ÐÐÐÑÐÐÐÑÐÑÐÑ ÐÐ ÐÑÐÑÐÑÐ.
> > ÐÐÐÐÐÐÐÑÑ ÐÑÐÐÐÐÑÐÑÐÐÐÐ.
> >
> >
> >
> ÐÑÐÐÐÐÑÑÑ Ð "ÐÐ" (ÐÐÐÐ ÐÐ Swan, ÐÐ ÑÑÐ ÑÐÐÑÑÐÐ,
> ÑÐ ÑÐÐÐ ÐÐÐÐ Ð ÐÐ
> "native" IPsec Ð 2.6). ÐÑÐÑÐÐÐÑÐ Ð, ÑÐ IPsec
> ÑÐÐÐÐÐÐÑÐÑÑÐ Ð Linux ÑÐÐÐÐÐ
> IETF ÐÐÐÑÐÐÐÑÐÑÐ ÐÐ ÑÐÐÐÑÐ IPsec Ð ÐÐ
> ÑÑÐÐÑÐÐÑÑÐÐ ÑÑÐÐÐ ÑÐ ÐÐÐÐÐÐÐÐ UDP,
> Ð ÐÐ TCP. ÐÐÐÐ SSL ÐÐÐÐÑÐÐÐÑÐ ÑÐÑÐÐÐÑ ÐÐ VPN
> ÐÐÐÐÐÐÐÐÑ TCP ÐÐÑÐÐÐ
> ÑÐÐÐÐÐÐÑÐÑÑÐ ÐÐ SSLv3, ÐÐ ÑÐÐÐ Ð ÐÐÐÐÑ ÐÑ IPsec.
>
> ÐÐ ÐÐ ÐÐÐÐÑÐÐ, ÑÐ ÑÑÐÐÑÐÐÑÑÐÐÑÐ ÑÑÐÐÐ ÑÐÐÐ
> ÐÐ ÑÐÐÐ ÑÐ ÐÐÑÐ ÐÐ Ð IPsec,
> ÐÐÑÐÑÐ ÐÑÐ ÐÐÑ ÐÑÐÐ AH. ÐÑ Ð ÐÐÐÐÑÐÐÐÑ,
> ÐÐÐÑÐ ÑÐ ÐÐÐÐÐÐÐÐ ÐÐ ÐÑÐÐÐÑ ÐÑÐÐ
> NAT (NAT Traversal) Ð ÐÑÐÑÐÐÐÑÐÑÐ ÐÐ ÐÑÐÐÐÐÐÑÐ
> ÐÐÐÑÐÐÑÐÑ Ð IPsec ÐÐ
> ÑÐÐÑÑÐÐÐÑÑÐÐÐÐ Ð ÐÐ ÐÐÐÑÐ ÑÑÑÐÐÐ
> ÑÑÐÑÑÐÐÑÐ Ð ÐÐÐÑÐÐÐÐÐÐÑÐ ÐÐ ÑÐÐÑÑÐÐÑÐ
> ÐÑÑÐÐÐ.
>
> ÐÐÐÐÑÐÐÐ
> ÐÐÑÐ
>
ÐÐÐÐÐÐÐÑÑ ÐÐ ÐÑÑÐÐÑ ÐÑÐÐÐÐÑ. ÐÐÐÐ Ð
ÑÐÑÑÐÑ CISCO ÐÐÐÐÑÐÐ ÐÐ ÑÐ
ÑÐÐÐÐÐÐ ÑÑÐÐÐÐÑÑÐ. ÐÐÐÐÑÑÐÐÐÐÑ ÐÑÐÐÐÑ,
ÐÐÐÑÐ ÐÐÐÐÑÐÑ, ÑÐÐÐÐÐÐÐÐÑ
ipsec over tcp Ð vpnc (http://www.unix-ag.uni-kl.de/~massar/vpnc/), Ð ÑÐÐ
ÐÐÑÐ:
Known Bugs / TODO
* rekeying is not supported (default rekey-intervall is 8 hours)
* certificate support (Pre-Shared-Key + XAUTH is known to be insecure!)
* hybrid auth support
* IPSec over TCP
--
Regards,
Doncho N. Gunchev Registered Linux User #291323 at counter.li.org
GPG-Key-ID: 1024D/DA454F79 http://pgp.mit.edu
Key fingerprint = 684F 688B C508 C609 0371 5E0F A089 CB15 DA45 4F79
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
