On Wed, 13 Dec 2017 12:44:55 -0500 Bill Shirley <b...@ultrapoly.polymerindustries.biz> wrote:
> I don't see that SSH tunneling or running IPSEC in a VM as a security
> gain. It would be very complex with multiple points of failure. If
> you don't trust the traffic from the other endpoint, filter it with
> Shorewall after it's decrypted. After decryption a packet will
> traverse the Shorewall rules where you can DROP or REJECT if desired.
>
> Also, with an IPSEC using manual keying, you don't even need
> LibreSwan. Look at /usr/share/doc/initscripts/sysconfig.txt for
> IPSEC setup.

As one of the Libreswan authors I'd note it's "Libreswan" - no capital letters in the middle of the name, please.

When suggesting manual keying, please note it is horribly insecure and should not be used: https://tools.ietf.org/html/rfc8221#section-3

--
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>