> On 20011005.1353, Jacob Meuser said ...
>
> I'm pretty happy with my 486 running OpenBSD. Comes with a stateful
> packet filter (that's pretty easy to set up) and can be used in
> "invisible" bridge mode. And if I want to get fancy, it has everything
> I would need to make an IPsec vpn.

I found this at freeswan.org:

IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents.

These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is Virtual Private Network or VPN. This is a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet.

Would a common use for this be something like... 1 business having 3 branch offices, and them wanting a VPN between the 3, with secure encrypted transmissions along the untrusted internet? Something like that? It sounds pretty cool.

What kind of performance loss is there with encrypting at the gateway? Does IPSEC just encrypt the data segment in the TCP/IP headers or something more? Where's a FAQ? I wanna know how it works. :)

Thanks,
Rob

--
Rob <rob_at_euglug_dot_net>
my @euglugCode = qw(v+++ e--- eug+ bsd+++ gnu+ S+++);
