On Sat, 2003-03-01 at 01:03, -ray wrote: > > Shannon, > > I am totally interested in doing this to connect two remote sites we have. > Two questions, that are probably in the faq, but why not keep some > discussion going here. :) > > 1. Does OpenBSD use FreeSwan for the ipsec/vpn stuff, or does it have > its own implementation? Freeswan is a pain, IMO... >
No the IPSec is implemented right into the kernel. > 2. Do you have one box at your main location that "terminates" the > connections for the remote sites, or does it require two boxes for each > connection? No, it is more of a star configuration. You just tell the kernel via a configuration file that any traffic going to X location is to be encrypted via this key and has X identifier... If you are doing manual keying anyway. Anything else gets more complicated. > > I haven't played with OpenBSD in a few years, so this would give me an > excuse to load it up again. I like OpenBSD, just not for my desktop. In fact, I am running snort on OpenBSD between my router and firewall. Shannon > > -ray > > > On 28 Feb 2003, Shannon Roddy wrote: > > > Sure, on the OpenBSD site. It is very simple. It took me less than a > > couple days to figure out how to do NAT, IPSec, fw, etc. to connect four > > remote internal networks so that they could talk to each other. > > > > http://www.openbsd.org/faq/faq6.html#PF > > http://www.openbsd.org/faq/faq6.html#NAT > > http://www.openbsd.org/faq/faq13.html > > > > > > Shannon > > > > On Fri, 2003-02-28 at 16:32, Mat Branyon wrote: > > > Installing OpenBSD as firewall/router. Any good tutorials out there? > > > > > > -- > > > Mat Branyon > > > [EMAIL PROTECTED] > > > http://locke.homeunix.org > > > > > > > > > _______________________________________________ > > > General mailing list > > > [email protected] > > > http://oxygen.nocdirect.com/mailman/listinfo/general_brlug.net > > > > > > _______________________________________________ > > General mailing list > > [email protected] > > http://oxygen.nocdirect.com/mailman/listinfo/general_brlug.net > > > > -- > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Ray DeJean http://www.r-a-y.org > Systems Engineer Southeastern Louisiana University > IBM Certified Specialist AIX Administration, AIX Support > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > > _______________________________________________ > General mailing list > [email protected] > http://oxygen.nocdirect.com/mailman/listinfo/general_brlug.net
