On 2 Aug 2002, Kenneth E. Lussier wrote:

> From the outside in:
>
> router -> firewall -> FreeS/WAN gateway -> encrypted traffic to LAN.
>
> Each machine on the LAN had its own keypair that was registered with
> the gateway, so when a desktop was fired up, it would authenticate
> itself to the gateway, and it was then free to communicate with anyone.
> Anyone that was able to sniff the traffic just got encrypted streams. If
> you could get a system onto the network, it would be useless unless the
> gateway was compromised to accept a bogus key.
Very cool idea... I like it a lot. Did you actually implement it? Any idea what the overhead was like? I imagine that your FreeS/WAN gateway would need some decent horsepower - otherwise you'd have scaling issues as your user base grows, right? For smaller networks, or maybe large networks segmented into smaller ones, this could be a nice setup.

I guess one question is - the FreeS/WAN gateway solution still gives someone a connection in, correct? They can get on the network the same way (put a box in physically, have it phone home, connect); they just can't talk to anyone else. This solves the one problem; however, it doesn't solve the problem where you have a client that can't run something that talks to your FreeS/WAN gateway. Print servers, specialized boxes, etc. Or do I misunderstand how you'd use it?

--
If you must play, decide on three things at the start: the rules of the game, the stakes, and the quitting time.
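For readers who want to see what the per-host keypair arrangement described above looks like on the wire, here is an added illustration of a FreeS/WAN gateway `ipsec.conf` in that style. It is not Kenneth's configuration and not taken from the FreeS/WAN project; the interface name, addresses, identities, connection names and the public-key values are all hypothetical placeholders. It assumes each LAN host tunnels all of its traffic (`0.0.0.0/0`) to the gateway, authenticated by an RSA signature against a public key registered on the gateway, so a host whose key the gateway does not hold cannot bring up a tunnel.

```ini
# Added example: FreeS/WAN gateway-side ipsec.conf for a "one keypair per
# LAN host" layout. Names, addresses and keys below are placeholders.

config setup
    # LAN-facing interface carries IPsec; replace eth1 with the real name.
    interfaces="ipsec0=eth1"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    # Refuse a second tunnel claiming an identity that is already up.
    uniqueids=yes

conn %default
    # RSA-signature authentication only; no PSK fallback for LAN hosts.
    authby=rsasig
    keyingtries=0
    # The gateway's own identity and public key (placeholder value).
    left=10.0.0.1
    leftid=@gateway.lan.example
    leftrsasigkey=0sAQ<gateway public key, base64, as printed by ipsec showhostkey>
    # Hosts send everything through the gateway.
    leftsubnet=0.0.0.0/0

# One conn per registered host: the host's address, identity and public
# key. A box that is plugged in with an unregistered key matches none of
# these and never gets a security association.
conn host-desktop01
    right=10.0.0.101
    rightid=@desktop01.lan.example
    rightrsasigkey=0sAQ<desktop01 public key, base64>
    auto=add

conn host-desktop02
    right=10.0.0.102
    rightid=@desktop02.lan.example
    rightrsasigkey=0sAQ<desktop02 public key, base64>
    auto=add
```

On each desktop the mirror image uses `auto=start` so the tunnel comes up at boot, with `right=10.0.0.1`, `rightsubnet=0.0.0.0/0` and the gateway's public key in `rightrsasigkey`. One check a practitioner would add that this fragment does not perform on its own: IPsec only protects traffic that matches a policy, so the gateway still needs a packet filter on `eth1` that accepts nothing but IKE (UDP 500) and ESP from the LAN. Without that, a host that never negotiates a tunnel, including the print servers and appliances raised in the question above, can still talk to the gateway in cleartext, and the "useless unless the gateway accepts a bogus key" property depends on that filter as much as on the keys.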
